PT-2025-27412 · Dataease · Dataease

For-A1Kaid +2 · Published 2025-06-30 · Updated 2025-07-16 · CVE-2025-53005

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.11
Description: DataEase is an open source business intelligence and data visualization tool. There is a bypass vulnerability in DataEase's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has been patched in version 2.10.11.
Recommendations: For versions prior to 2.10.11, update to version 2.10.11 to resolve the issue. As a temporary workaround, consider restricting the use of the sslfactory and sslfactoryarg parameters in the PostgreSQL Data Source JDBC Connection Parameters until the update is applied.
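
One way to apply the temporary workaround is to audit configured PostgreSQL data sources for the two parameters. This is an added example, not DataEase code. The function names, the sample configuration, and the choice to percent-decode and lowercase parameter names before matching are assumptions made here to keep the check conservative.

```python
from urllib.parse import unquote

# Parameter names taken from the advisory's temporary workaround.
BLOCKED = {"sslfactory", "sslfactoryarg"}


def _normalize(name):
    """Percent-decode until stable, then trim and lowercase (conservative)."""
    prev = None
    while prev != name:
        prev, name = name, unquote(name)
    return name.strip().lower()


def blocked_params(conn):
    """Return the blocked parameter names present in a PostgreSQL JDBC URL or
    in a bare 'k=v&k2=v2' extra-parameters string, in order of appearance."""
    if "?" in conn:
        query = conn.split("?", 1)[1]
    elif "=" in conn:
        query = conn            # bare extra-parameters string
    else:
        return []               # URL without any parameters
    found = []
    for token in query.split("&"):
        name = _normalize(token.split("=", 1)[0])
        if name in BLOCKED and name not in found:
            found.append(name)
    return found


def audit(sources):
    """Map data source name -> blocked parameters, only for offenders."""
    hits = {name: blocked_params(conn) for name, conn in sources.items()}
    return {name: params for name, params in hits.items() if params}


# Constructed sample configuration; hosts, names and values are placeholders.
SAMPLE = {
    "sales": "jdbc:postgresql://db.example.internal:5432/bi?ssl=true&sslmode=require",
    "legacy": "jdbc:postgresql://db.example.internal:5432/bi?sslfactory=com.example.Placeholder&sslfactoryarg=x",
    "extra-only": "SSLFactory=com.example.Placeholder",
    "encoded": "ssl%2566actoryarg=x",
}

if __name__ == "__main__":
    for name, params in audit(SAMPLE).items():
        print(f"{name}: remove {', '.join(params)}")
```

Any data source the audit reports should have the listed parameters removed until the instance is updated to 2.10.11.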

Related Identifiers

CVE-2025-53005
GHSA-99C4-H4FQ-R23V

Affected Products

Dataease