DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injection attack can be directly launched. JNDI triggers an AspectJWeaver deserialization attack, writing to various files. This vulnerability requires commons-collections 4.x and aspectjweaver-1.9.22.jar. The vulnerability has been fixed in version 2.10.12.
{
"cwe_ids": [
"CWE-502",
"CWE-94"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/57xxx/CVE-2025-57773.json",
"cna_assigner": "GitHub_M"
}{
"cpe": "cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "2.10.12"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}[
{
"source": "https://github.com/dataease/dataease/commit/8d04e92d44e1bac9284e9e64df5afd7f96d9373c",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"27627074303964318882417323486351141630",
"97142947938543604819636395956544387028",
"40377677079330361915937831577686115372",
"77336536708444157242984543587993925663",
"226293177076656006578341433282022368995",
"226206026037102308028627587933519385431",
"250607821624320240021707600059182626213",
"229470453148276106606832723164433403161",
"36232095595880197123500286869313831397",
"230413827549299870676532268452966731911",
"155492726525485500818202825548485514582",
"172332398816939070015484972354472842339",
"156049878968505701786302864870376015886",
"234752437833024204454346191164166948173",
"22431626205809116371677207218277129167",
"315779692837072296632638343547471377864",
"198710618279807928606657002811482695105",
"93113150856017422359902813424132491185",
"266492111722602182777196203359326277604",
"121485586516182722547988612588894858163",
"205074086120764524306067702170957869882",
"297006563058528251310354195955554070247",
"255772802642667320584955123374174539061",
"197157854710776494115524897094803834866",
"119267620208540501041600515986837789320",
"67305898528663910404855856363929362337"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2025-57773-39748a8a",
"target": {
"file": "core/core-backend/src/main/java/io/dataease/datasource/type/Db2.java"
}
},
{
"source": "https://github.com/dataease/dataease/commit/8d04e92d44e1bac9284e9e64df5afd7f96d9373c",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "185129634142087683166882728968280083370",
"length": 1094.0
},
"deprecated": false,
"id": "CVE-2025-57773-75e1ef67",
"target": {
"function": "getJdbc",
"file": "core/core-backend/src/main/java/io/dataease/datasource/type/Db2.java"
}
}
]
"2026-07-15T15:53:02Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57773.json"