PT-2025-27634 · Dataease · Dataease
Unam4 · Published 2025-06-26 · Updated 2025-07-02 · CVE-2025-53006
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.11
Description: DataEase is an open source business intelligence and data visualization tool. The issue lies in connection parameters such as sslfactory and sslfactoryarg, which provide functionality similar to socketfactory and socketfactoryarg but are only triggered after the connection has been established. Other parameters of the same kind are sslhostnameverifier, sslpasswordcallback, and authenticationPluginClassName.
Recommendations: For versions prior to 2.10.11, update to version 2.10.11 to resolve the issue. As a temporary workaround, consider restricting the use of parameters like sslfactory and sslfactoryarg until the update is applied.
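The workaround above amounts to refusing data-source definitions that carry these driver parameters. The following is an added example of such a check, not DataEase's own code: it parses the query string of a JDBC URL (and an optional property map) and rejects any of the seven parameter names listed in this advisory. Matching is case-insensitive as a conservative assumption; the sample URLs are constructed.

```python
from typing import Optional
from urllib.parse import urlsplit, parse_qsl

# Parameter names taken from the advisory: driver hooks that let a connection
# string name a Java class to be loaded, before or after connecting.
BLOCKED_PARAMS = frozenset(name.lower() for name in (
    "socketfactory", "socketfactoryarg",
    "sslfactory", "sslfactoryarg",
    "sslhostnameverifier", "sslpasswordcallback",
    "authenticationPluginClassName",
))


def jdbc_params(url: str) -> dict:
    """Return the query parameters of a JDBC URL as a lower-cased dict.

    A JDBC URL looks like jdbc:postgresql://host:5432/db?k=v&k2=v2; stripping
    the leading 'jdbc:' leaves an ordinary URL that urlsplit can parse.
    parse_qsl percent-decodes keys, so an encoded key such as %73slfactory
    is normalised before the comparison.
    """
    rest = url[len("jdbc:"):] if url.lower().startswith("jdbc:") else url
    query = urlsplit(rest).query
    return {k.strip().lower(): v
            for k, v in parse_qsl(query, keep_blank_values=True)}


def blocked_params(url: str, props: Optional[dict] = None) -> list:
    """List every blocked parameter present in the URL query or property map."""
    found = set(jdbc_params(url)) & BLOCKED_PARAMS
    if props:
        found |= {k.strip().lower() for k in props} & BLOCKED_PARAMS
    return sorted(found)


def validate_datasource(url: str, props: Optional[dict] = None) -> str:
    """Raise ValueError if a blocked parameter is present, else return the URL."""
    hits = blocked_params(url, props)
    if hits:
        raise ValueError(f"datasource rejected: blocked JDBC parameters {hits}")
    return url
```

Run the check on every data-source create or update request, before the URL ever reaches the driver.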

Related Identifiers

BDU:2025-08272
CVE-2025-53006
GHSA-Q726-5PR9-X7GM

Affected Products

Dataease