DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, there is a H2 JDBC RCE bypass in DataEase. If the JDBC URL meets criteria, the getJdbcUrl method is returned, which acts as the getter for the JdbcUrl parameter provided. This bypasses H2's filtering logic and returns the H2 JDBC URL, allowing the "driver":"org.h2.Driver" to specify the H2 driver for the JDBC connection. The vulnerability has been fixed in version 2.10.12.
{
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-94"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/57xxx/CVE-2025-57772.json"
}{
"source": [
"CPE_RANGE",
"REFERENCES"
],
"cpe": "cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "2.10.12"
}
]
}"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57772.json"
[
{
"id": "CVE-2025-57772-0c06767f",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/dataease/dataease/commit/1644d81dff46272b09570fa1f4a8f83f01f37440",
"deprecated": false,
"digest": {
"function_hash": "256554938771478780442828783751474596058",
"length": 706.0
},
"target": {
"function": "getJdbc",
"file": "core/core-backend/src/main/java/io/dataease/datasource/type/Oracle.java"
}
},
{
"id": "CVE-2025-57772-1698a1b3",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/dataease/dataease/commit/1644d81dff46272b09570fa1f4a8f83f01f37440",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"23757338840592367074786271824445765928",
"137118489655014640805630097006327311185",
"49705660588032014071884621681836796323",
"121792339078831036714911070597933511577"
]
},
"target": {
"file": "core/core-backend/src/main/java/io/dataease/datasource/type/Redshift.java"
}
},
{
"id": "CVE-2025-57772-24abc64d",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/dataease/dataease/commit/1644d81dff46272b09570fa1f4a8f83f01f37440",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"3682491180337774735492088248212711218",
"137118489655014640805630097006327311185",
"49705660588032014071884621681836796323",
"131427123251763910502019681955658018229"
]
},
"target": {
"file": "core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java"
}
},
{
"id": "CVE-2025-57772-50ae2587",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/dataease/dataease/commit/1644d81dff46272b09570fa1f4a8f83f01f37440",
"deprecated": false,
"digest": {
"function_hash": "323061625201023349501432989808329884404",
"length": 748.0
},
"target": {
"function": "getJdbc",
"file": "core/core-backend/src/main/java/io/dataease/datasource/type/CK.java"
}
},
{
"id": "CVE-2025-57772-598d20ad",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/dataease/dataease/commit/1644d81dff46272b09570fa1f4a8f83f01f37440",
"deprecated": false,
"digest": {
"function_hash": "160492777701142202855704762939884143636",
"length": 791.0
},
"target": {
"function": "getJdbc",
"file": "core/core-backend/src/main/java/io/dataease/datasource/type/Redshift.java"
}
},
{
"id": "CVE-2025-57772-6f6f6b05",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/dataease/dataease/commit/1644d81dff46272b09570fa1f4a8f83f01f37440",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"27627074303964318882417323486351141630",
"272790013953672796150386807231842354032",
"171457449788107737185421138346977175272",
"155492726525485500818202825548485514582",
"172332398816939070015484972354472842339"
]
},
"target": {
"file": "core/core-backend/src/main/java/io/dataease/datasource/type/Mongo.java"
}
},
{
"id": "CVE-2025-57772-72aa9500",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/dataease/dataease/commit/1644d81dff46272b09570fa1f4a8f83f01f37440",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"27627074303964318882417323486351141630",
"272790013953672796150386807231842354032",
"171457449788107737185421138346977175272",
"155492726525485500818202825548485514582",
"172332398816939070015484972354472842339"
]
},
"target": {
"file": "core/core-backend/src/main/java/io/dataease/datasource/type/Impala.java"
}
},
{
"id": "CVE-2025-57772-74adefe5",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/dataease/dataease/commit/1644d81dff46272b09570fa1f4a8f83f01f37440",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"110933217615169316001806491425634383769",
"137118489655014640805630097006327311185",
"49705660588032014071884621681836796323",
"203174799191427566620597313802144224224"
]
},
"target": {
"file": "core/core-backend/src/main/java/io/dataease/datasource/type/Db2.java"
}
},
{
"id": "CVE-2025-57772-7809bc80",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/dataease/dataease/commit/1644d81dff46272b09570fa1f4a8f83f01f37440",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"27627074303964318882417323486351141630",
"241075840831451737810488679501752633791",
"230413827549299870676532268452966731911",
"155492726525485500818202825548485514582",
"78087433515453413823786164604187590088"
]
},
"target": {
"file": "core/core-backend/src/main/java/io/dataease/datasource/type/Oracle.java"
}
},
{
"id": "CVE-2025-57772-81bbbdb8",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/dataease/dataease/commit/1644d81dff46272b09570fa1f4a8f83f01f37440",
"deprecated": false,
"digest": {
"function_hash": "194965484651173277104040408159602013466",
"length": 772.0
},
"target": {
"function": "getJdbc",
"file": "core/core-backend/src/main/java/io/dataease/datasource/type/Sqlserver.java"
}
},
{
"id": "CVE-2025-57772-a22728d7",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/dataease/dataease/commit/1644d81dff46272b09570fa1f4a8f83f01f37440",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"27627074303964318882417323486351141630",
"116151248021616525147549313345851321911",
"230413827549299870676532268452966731911",
"155492726525485500818202825548485514582",
"172332398816939070015484972354472842339",
"307313047144167514548660011036587434750",
"218566917964947618261136916994581201392",
"46958366425708698470715653761462115100",
"306889702375309906217025182719901388652",
"130191747495566765357858499324510657492",
"38851420526857209240461188799402472185",
"149035767662142678828418635795166846892",
"60489612171580857010862227886461451827"
]
},
"target": {
"file": "core/core-backend/src/main/java/io/dataease/datasource/type/CK.java"
}
},
{
"id": "CVE-2025-57772-bc1cd87c",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/dataease/dataease/commit/1644d81dff46272b09570fa1f4a8f83f01f37440",
"deprecated": false,
"digest": {
"function_hash": "105551996778645940445512813741637268168",
"length": 1400.0
},
"target": {
"function": "getJdbc",
"file": "core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java"
}
},
{
"id": "CVE-2025-57772-bf663da4",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/dataease/dataease/commit/1644d81dff46272b09570fa1f4a8f83f01f37440",
"deprecated": false,
"digest": {
"function_hash": "134578047148909783629916950705463096659",
"length": 1656.0
},
"target": {
"function": "getJdbc",
"file": "core/core-backend/src/main/java/io/dataease/datasource/type/Pg.java"
}
},
{
"id": "CVE-2025-57772-c109a1dc",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/dataease/dataease/commit/1644d81dff46272b09570fa1f4a8f83f01f37440",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"23757338840592367074786271824445765928",
"137118489655014640805630097006327311185",
"49705660588032014071884621681836796323",
"131427123251763910502019681955658018229"
]
},
"target": {
"file": "core/core-backend/src/main/java/io/dataease/datasource/type/Pg.java"
}
},
{
"id": "CVE-2025-57772-cb9dfe10",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/dataease/dataease/commit/1644d81dff46272b09570fa1f4a8f83f01f37440",
"deprecated": false,
"digest": {
"function_hash": "59384475017983037905694381714415158882",
"length": 740.0
},
"target": {
"function": "getJdbc",
"file": "core/core-backend/src/main/java/io/dataease/datasource/type/Impala.java"
}
},
{
"id": "CVE-2025-57772-e38250a7",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/dataease/dataease/commit/1644d81dff46272b09570fa1f4a8f83f01f37440",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"27627074303964318882417323486351141630",
"272790013953672796150386807231842354032",
"171457449788107737185421138346977175272",
"155492726525485500818202825548485514582",
"172332398816939070015484972354472842339"
]
},
"target": {
"file": "core/core-backend/src/main/java/io/dataease/datasource/type/Sqlserver.java"
}
},
{
"id": "CVE-2025-57772-e8a46750",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/dataease/dataease/commit/1644d81dff46272b09570fa1f4a8f83f01f37440",
"deprecated": false,
"digest": {
"function_hash": "61449927374068713371938487920096925176",
"length": 1525.0
},
"target": {
"function": "getJdbc",
"file": "core/core-backend/src/main/java/io/dataease/datasource/type/Db2.java"
}
},
{
"id": "CVE-2025-57772-f53d23af",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/dataease/dataease/commit/1644d81dff46272b09570fa1f4a8f83f01f37440",
"deprecated": false,
"digest": {
"function_hash": "506107949034947191046459658789950843",
"length": 915.0
},
"target": {
"function": "getJdbc",
"file": "core/core-backend/src/main/java/io/dataease/datasource/type/Mongo.java"
}
}
]
"2026-07-15T15:30:18Z"