- Description: DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available.
- Source: security-advisories@github.com
- NVD status: Analyzed
CVSS 4.0
- Type: Secondary
- Base score: 7.3
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: HIGH
CVSS 3.1
- Type: Primary
- Base score: 6.5
- Impact score: 3.6
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity: MEDIUM
- security-advisories@github.com
- CWE-89
🔴 DataEase, Arbitrary File Read/Deserialization, #CVE-2025-24974 (Critical) https://t.co/sd3HUZjZqm
@dailycve
21 Mar 2025
🚨 CVE-2025-24974 🔴 HIGH (7.3) 🏢 dataease - dataease 🏗️ < 2.10.6 🔗 https://t.co/KCqHB8sT8y #CyberCron #VulnAlert #InfoSec https://t.co/lKV9eft0oy
@cybercronai
15 Mar 2025
CVE-2025-24974 DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files th… https://t.co/DXG45hyJrQ
@CVEnew
13 Mar 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "077AC13A-3B0F-4DF3-8900-4A282F4EE10F",
            "versionEndExcluding": "2.10.6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]