CVE-2025-48999

Опубликовано: 03 июн. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior to 2.10.10. In a malicious payload, getUrlType() retrieves hostName. Since the judgment statement returns false, it will not enter the if statement and will not be filtered. The payload can be directly concatenated at the replace location to construct a malicious JDBC statement. Version 2.10.10 contains a patch for the issue.

Ссылки

https://github.com/dataease/dataease/commit/03b18db8a0fb7e9dc2c44f6d26d8c6221b7748c4
Patch
https://github.com/dataease/dataease/security/advisories/GHSA-6pq2-6q8x-mp2r
Exploit
Third Party Advisory
https://github.com/dataease/dataease/security/advisories/GHSA-6pq2-6q8x-mp2r
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*

Версия до 2.10.10 (исключая)

EPSS

Процентиль: 15%

0.00049

Низкий

8.8 High

CVSS3

Дефекты

CWE-284

NVD-CWE-noinfo