CVE-2025-64428

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Dataease versions prior to 2.10.17

Description Dataease, an open source data visualization analysis tool, is susceptible to JNDI injection. A previous patch (version 2.10.14) included a blacklist, but the issue persists through the iiop, corbaname, and iiopname schemes.

Recommendations Update to version 2.10.17 or later.

Exploit

Fix

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74

Related Identifiers

CVE-2025-64428

GHSA-88PH-3236-2M2H

Affected Products

Dataease

CVE-2025-64428

Weakness Enumeration

Related Identifiers

Affected Products

References · 11