PT-2025-23671 · Dataease · Dataease

Le1A (finder) · ph0Ebus (finder)

Published: 2025-06-03 · Updated: 2026-04-27 · CVE-2025-49002

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.10

Description: DataEase is an open source business intelligence and data visualization tool. A previous patch can be bypassed by changing letter case, because its check for the prohibited terms INIT and RUNSCRIPT is case-sensitive, potentially leading to remote code execution via SQL injection bypass.

Recommendations: Update to version 2.10.10.
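
The case-sensitivity flaw described above, shown as an added example (not DataEase code and not taken from the advisory): a case-sensitive deny-list check beside a case-normalised one and a key allow-list. The `locator;key=value` settings format, the function names and the allow-listed keys are assumptions made for the illustration.

```python
# Added illustration; not DataEase source code.
# Assumption: settings arrive as "locator;key=value;key=value".

PROHIBITED = ("init", "runscript")                # terms named in the advisory, casefolded
ALLOWED_KEYS = frozenset({"timeout", "charset"})  # hypothetical allow-list


def naive_is_blocked(settings: str) -> bool:
    """Case-sensitive deny-list: the flawed pattern the advisory describes."""
    return "INIT" in settings or "RUNSCRIPT" in settings


def casefold_is_blocked(settings: str) -> bool:
    """Same deny-list, but the input is case-normalised before comparing."""
    folded = settings.casefold()
    return any(term in folded for term in PROHIBITED)


def setting_keys(settings: str) -> list[str]:
    """Return the normalised key of every ';'-separated setting after the locator."""
    keys = []
    for part in settings.split(";")[1:]:
        key = part.partition("=")[0].strip().casefold()
        if key:
            keys.append(key)
    return keys


def allowlist_rejects(settings: str) -> bool:
    """Stricter design: reject any key that is not explicitly allowed."""
    return any(key not in ALLOWED_KEYS for key in setting_keys(settings))


# Constructed sample inputs (not taken from any real deployment).
SAMPLES = [
    "db://reports;timeout=30;charset=utf8",
    "db://reports;INIT=x",
    "db://reports;Init=x",
    "db://reports; runScript = x",
]


def audit(samples=SAMPLES):
    """Return (sample, naive, casefold, allowlist) verdicts for each input."""
    return [(s, naive_is_blocked(s), casefold_is_blocked(s), allowlist_rejects(s))
            for s in samples]


if __name__ == "__main__":
    for row in audit():
        print(row)
```

The allow-list variant does not depend on enumerating every dangerous term, so it keeps rejecting mixed-case input even if the deny-list is incomplete.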

Exploit

Fix

RCE

Authentication Bypass by Spoofing

Weakness Enumeration

Related Identifiers

CVE-2025-49002
GHSA-999M-JV2P-5H34
GHSA-H7HJ-4J78-CVC7

Affected Products

Dataease