PT-2025-36428 · Datart · Datart

147369.Yjk · Published 2025-09-08 · Updated 2025-09-08 · CVE-2025-10080

CVSS v3.1: 3.1 (Low)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Datart versions up to 1.0.0-rc3

Description: A vulnerability exists in Datart due to the use of a hard-coded cryptographic key within the getTokensecret function located in the datart/security/src/main/java/datart/security/util/AESUtil.java file of the API component. The issue is remotely exploitable, but the attack complexity is high and exploitation is considered difficult. The exploit has been publicly disclosed.

Recommendations: Versions prior to 1.0.0-rc3: As a temporary workaround, consider restricting access to the getTokensecret function until a patch is available.

Related Identifiers: CVE-2025-10080

Affected Products: Datart