← Volver a CVEs
CVE-2025-32966
CRITICAL9.8
Descripcion
DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.8, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.8.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado4/23/2025
Ultima modificacion6/24/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
dataease:dataease
Debilidades (CWE)
CWE-290
Referencias
https://github.com/dataease/dataease/security/advisories/GHSA-h7hj-4j78-cvc7(security-advisories@github.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.