CVE 8.8 HIGH

CVE-2025-70828_CVE-2025-70828

February 17, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration

AI Analysis

Arbitrary code execution via the url parameter in the JDBC configuration

Basic Information

ID CVE-2025-70828

Source mitre

Published Feb 17, 2026 at 00:00

Modified Feb 17, 2026 at 15:59

Affected Product

Vendor Datart

Product Datart

Version 1.0.0-rc.3

Affected Versions n/a n/a n/a

CWE Classification

CWE-78

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Datart

Product Datart

Version 1.0.0-rc.3

References

{
    "lastseen": "",
    "description": "An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration",
    "published": "2026-02-17T00:00:00.000Z",
    "modified": "2026-02-17T15:59:06.768Z",
    "type": "cve",
    "title": "CVE-2025-70828",
    "source": "mitre",
    "references": "https://dev.mysql.com/doc/connector-j/en/connector-j-connprops-interceptor-classes-and-interfaces.html\nhttps://github.com/xiaoxiaoranxxx/CVE-2025-70828",
    "id": "CVE-2025-70828",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Datart",
    "version": "1.0.0-rc.3",
    "vendor": "Datart",
    "ai_description": "Arbitrary code execution via the url parameter in the JDBC configuration",
    "ai_severity": "High",
    "ai_vendor": "Datart",
    "ai_product": "Datart",
    "ai_version": "1.0.0-rc.3",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply