PT-2025-42626 · Dataease · Dataease

Published

2025-10-17

Updated

2025-10-24

CVE-2025-62419

CVSS v4.0

8.2

High

Vector

AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions DataEase versions through 2.10.13

Description DataEase is a data visualization and analytics platform. A JDBC URL injection vulnerability exists in the DB2 and MongoDB data sources. The issue allows for potential unauthorized access or manipulation of data through crafted JDBC URLs.

Recommendations Update DataEase to a version later than 2.10.13.

Exploit

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2025-62419

GHSA-X4X9-MJCF-99R9

Affected Products

Dataease

PT-2025-42626 · Dataease · Dataease

CVE-2025-62419

Weakness Enumeration

Related Identifiers

Affected Products

References · 10