CVE-2025-56816

Name of the Vulnerable Software and Affected Versions Datart version 1.0.0-rc.3

Description The application allows attackers to upload arbitrary YAML files to the config/jdbc-driver-ext.yml path. The application parses these files using SnakeYAML's load() or loadAs() method without input sanitization, enabling deserialization of attacker-controlled YAML content and potentially leading to arbitrary class instantiation. This could result in remote code execution (RCE).

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.