CVE-2025-53006

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-53006
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53006.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-53006
Aliases
  • GHSA-q726-5pr9-x7gm
Published
2025-07-02T14:22:31.107Z
Modified
2026-04-12T17:04:15.075272Z
Severity
  • 8.9 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability
Details

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" with similar functionality. The difference lies in that "sslfactory" and related parameters need to be triggered after establishing the connection. Other similar parameters include "sslhostnameverifier", "sslpasswordcallback", and "authenticationPluginClassName". This issue has been patched in 2.10.11.

Database specific 
{
    "cwe_ids": [
        "CWE-153"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/53xxx/CVE-2025-53006.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/dataease/dataease

Affected ranges

Type
GIT
Repo
https://github.com/dataease/dataease
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
872597925338dbf16f6af9e5b66ba4fbb6907514

Affected versions

v1.*
v1.0.0
v2.*
v2.10.0
v2.10.1
v2.10.10
v2.10.2
v2.10.3
v2.10.4
v2.10.5
v2.10.6
v2.10.7
v2.10.8
v2.10.9
v2.2.0
v2.3.0
v2.6.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53006.json"
vanir_signatures_modified 
"2026-04-12T17:04:15Z"
vanir_signatures 
[
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 241.0,
            "function_hash": "183003779497483947224845251740197970733"
        },
        "source": "https://github.com/dataease/dataease/commit/872597925338dbf16f6af9e5b66ba4fbb6907514",
        "id": "CVE-2025-53006-44d1aec3",
        "signature_type": "Function",
        "target": {
            "function": "getJdbc",
            "file": "core/core-backend/src/main/java/io/dataease/datasource/type/H2.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "100456944153765217509785831818021985500",
                "42185638248660599097384144752533775061",
                "262806380832579929368515941997875256289",
                "283362053816985036004927096577222560716",
                "334081505712768125582536326672569134219",
                "159267869677055451445996061063063280061",
                "333487707478739931352209523162417589534",
                "228091582504442549553598166391130391852"
            ]
        },
        "source": "https://github.com/dataease/dataease/commit/872597925338dbf16f6af9e5b66ba4fbb6907514",
        "id": "CVE-2025-53006-d3b14c21",
        "signature_type": "Line",
        "target": {
            "file": "core/core-backend/src/main/java/io/dataease/datasource/type/H2.java"
        }
    }
]