CNNVD-202508-2932 Information
CNNVD ID
CNNVD-202508-2932
Related CVE
- CNNVD Published: 2025-08-25
Description (Chinese)
DataEase是DataEase开源的一个开源的数据可视化分析工具。用于帮助用户快速分析数据并洞察业务趋势,从而实现业务的改进与优化。 DataEase 2.10.12之前版本存在代码注入漏洞,该漏洞源于H2 JDBC RCE绕过,可能导致远程代码执行。
Description (English)
DataEase is an open source data visualization analysis tool for DataEase open sources. To help users quickly analyse data and see business trends, thereby improving and optimizing operations. The preDataEase 2.10.12 version has a code-injecting loophole, which originates from the circumvention of H2 JDBC RCE and may lead to remote code execution.
Hazard Level
Medium
Vulnerability Type
代码注入
Affected Vendor
DataEase
Published
2025-08-25
Last Modified
2026-02-24
References
https://github.com/dataease/dataease/security/advisories/GHSA-v37q-vh67-9rqv https://github.com/dataease/dataease/commit/1644d81dff46272b09570fa1f4a8f83f01f37440 https://nvd.nist.gov/vuln/detail/CVE-2025-57772
Patch
https://github.com/dataease/dataease/releases
Share on: