PT-2025-23669 · Dataease · Dataease
Le1A +1 · Published 2025-06-03 · Updated 2025-06-05 · CVE-2025-48999
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
DataEase versions prior to 2.10.10
Description
A bypass of the patch for a previous issue exists, allowing the construction of a malicious JDBC statement. For a malicious payload, the getUrlType() function retrieves the hostName. Because the judgment statement returns false, execution does not enter the if statement and the value is not filtered. The payload is therefore concatenated directly at the replace location.
Recommendations
For versions prior to 2.10.10, update to version 2.10.10 to resolve the issue. As a temporary workaround, consider restricting the use of the getUrlType() function until the patch is applied. Avoid using the hostName variable in the affected JDBC statement until the issue is resolved.
Exploit
Fix
Improper Access Control
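The failure mode in the description (a filter that sits behind a condition, so a value that makes the condition false reaches the replace step unchecked) is shown here next to a form that validates on every path. This is an added illustration, not DataEase code: the class, method names, URL template, `typeCheck` flag and sample input are all assumptions constructed for the example.

```java
import java.util.regex.Pattern;

public class JdbcHostCheck {
    // Hypothetical URL template (assumption, not taken from DataEase).
    static final String TEMPLATE = "jdbc:mysql://HOSTNAME:PORT/DATABASE";
    // Allowlists: a DNS name or IPv4 literal, and a plain database identifier.
    static final Pattern HOST =
        Pattern.compile("^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?$");
    static final Pattern DB = Pattern.compile("^[A-Za-z0-9_]{1,64}$");

    // Conditional filter: when typeCheck is false the host is never inspected
    // and is substituted into the template as-is.
    static String buildConditional(String host, int port, String db, boolean typeCheck) {
        if (typeCheck && !HOST.matcher(host).matches()) {
            throw new IllegalArgumentException("illegal host");
        }
        return TEMPLATE.replace("HOSTNAME", host)
                       .replace("PORT", String.valueOf(port))
                       .replace("DATABASE", db);
    }

    // Hardened: every component is validated unconditionally, then the URL is
    // assembled from the validated parts only.
    static String buildStrict(String host, int port, String db) {
        if (host == null || !HOST.matcher(host).matches())
            throw new IllegalArgumentException("illegal host");
        if (port < 1 || port > 65535)
            throw new IllegalArgumentException("illegal port");
        if (db == null || !DB.matcher(db).matches())
            throw new IllegalArgumentException("illegal database");
        return String.format("jdbc:mysql://%s:%d/%s", host, port, db);
    }

    public static void main(String[] args) {
        // Constructed input: a "host" carrying its own port, path and URL parameter.
        String crafted = "db.example.test:3306/x?extraParam=value#";
        // The extra URL structure survives into the final string.
        System.out.println(buildConditional(crafted, 3306, "app", false));
        try {
            buildStrict(crafted, 3306, "app");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println(buildStrict("db.example.test", 3306, "app"));
    }
}
```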
Related Identifiers
Affected Products
Dataease