CVE-2025-46566

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9.
Configurations

Configuration 1 (hide)

cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*

History

28 May 2025, 16:02

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
First Time Dataease
Dataease dataease
CPE cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*
References () https://github.com/dataease/dataease/security/advisories/GHSA-hxw4-vpfp-frgv - () https://github.com/dataease/dataease/security/advisories/GHSA-hxw4-vpfp-frgv - Exploit, Vendor Advisory
CWE NVD-CWE-Other

02 May 2025, 18:15

Type Values Removed Values Added
References () https://github.com/dataease/dataease/security/advisories/GHSA-hxw4-vpfp-frgv - () https://github.com/dataease/dataease/security/advisories/GHSA-hxw4-vpfp-frgv -

02 May 2025, 13:52

Type Values Removed Values Added
Summary
  • (es) DataEase es una herramienta de inteligencia empresarial (BI) de código abierto alternativa a Tableau. Antes de la versión 2.10.9, los usuarios autenticados podían completar RCE mediante el enlace JDBC del backend. Este problema se ha corregido en la versión 2.10.9.

01 May 2025, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-05-01 18:15

Updated : 2025-05-28 16:02


NVD link : CVE-2025-46566

Mitre link : CVE-2025-46566

CVE.ORG link : CVE-2025-46566


JSON object : View

Products Affected

dataease

  • dataease
CWE
CWE-284

Improper Access Control

CWE-923

Improper Restriction of Communication Channel to Intended Endpoints

NVD-CWE-Other