DataEase DB2 JNDI Vulnerability_CVE-2025-64428

8.9 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbaname, and iiopname schemes. The vulnerability has been fixed in version 2.10.17.

Basic Information

ID CVE-2025-64428

Source GitHub_M

Published Nov 20, 2025 at 17:07

Affected Product

Vendor dataease

Product dataease

Version < 2.10.17

Affected Versions dataease dataease < 2.10.17

CWE Classification

CWE-74

References

{
    "lastseen": "",
    "description": "Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbaname, and iiopname schemes. The vulnerability has been fixed in version 2.10.17.",
    "published": "2025-11-20T17:07:00.575Z",
    "modified": "2025-11-20T17:07:00.575Z",
    "type": "cve",
    "title": "DataEase DB2 JNDI Vulnerability",
    "source": "GitHub_M",
    "references": "https://github.com/dataease/dataease/security/advisories/GHSA-88ph-3236-2m2h\nhttps://github.com/dataease/dataease/commit/b7e585c1cc3fc2b73cb289b8680b4b3914be3d53\nhttps://github.com/dataease/dataease/releases/tag/v2.10.17",
    "id": "CVE-2025-64428",
    "bulletinFamily": "",
    "cwe": [
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "dataease dataease < 2.10.17",
    "sourceHref": "",
    "cvss": {
        "score": 8.9,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "dataease",
    "version": "< 2.10.17",
    "vendor": "dataease",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}