PT-2025-34683 · Ibm+2 · Db2+3
For-A1Kaid
Published: 2025-08-25 · Updated: 2025-10-24 · CVE-2025-57773
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
DataEase versions prior to 2.10.12
Description:
DataEase is an open source business intelligence and data visualization tool. Due to insufficient filtering of DB2 parameters, a JNDI injection attack can be launched, triggering an AspectJWeaver deserialization attack that results in writing to various files. This vulnerability requires commons-collections 4.x and aspectjweaver-1.9.22.jar.
Recommendations:
Update DataEase to version 2.10.12 or later.
Exploit
Fix
RCE
Code Injection
Deserialization of Untrusted Data
Affected Products
Db2
Dataease
Aspectjweaver-1.9.22.Jar
Commons-Collections