CVE-2025-64163
- Source
- https://cve.org/CVERecord?id=CVE-2025-64163
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64163.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-64163
- Aliases
-
- GHSA-8397-v66p-539m
- Published
- 2025-11-05T23:52:05.196Z
- Modified
- 2026-04-02T12:59:09.213323Z
- Severity
-
- 8.9 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
- Summary
- DataEase's DB2 is vulnerable to SSRF
- Details
-
DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to filter ldap:// and ldaps://. However, omission of protection for the dns:// protocol results in an SSRF vulnerability. This issue is fixed in version 2.10.15.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64163.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-918" ] }- References
-
- https://github.com/dataease/dataease/releases/tag/v2.10.15
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64163.json
- https://github.com/dataease/dataease/security/advisories/GHSA-8397-v66p-539m
- https://nvd.nist.gov/vuln/detail/CVE-2025-64163
- https://github.com/dataease/dataease/commit/869b7fb8b10069ac6c326554bfa8f060a539ba85
Affected packages
Git / github.com/dataease/dataease
Affected ranges
- Type
- GIT
- Repo
- https://github.com/dataease/dataease
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.0.0
v1.0.0-rc1
v1.0.0-rc2
v1.0.1
v1.0.2
v1.1.0
v1.1.1
v1.10.0
v1.11.0
v1.11.1
v1.11.2
v1.11.3
v1.12.0
v1.13.0
v1.13.1
v1.14.0
v1.15.0
v1.15.1
v1.15.2
v1.15.3
v1.15.4
v1.16.0
v1.16.1
v1.17.0
v1.17.1
v1.18.0
v1.18.1
v1.18.10
v1.18.11
v1.18.12
v1.18.13
v1.18.14
v1.18.15
v1.18.16
v1.18.17
v1.18.18
v1.18.19
v1.18.2
v1.18.20
v1.18.21
v1.18.22
v1.18.23
v1.18.24
v1.18.25
v1.18.26
v1.18.27
v1.18.3
v1.18.4
v1.18.5
v1.18.6
v1.18.7
v1.18.8
v1.18.9
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.3.0
v1.4.0
v1.4.1
v1.5.0
v1.5.1
v1.5.2
v1.6.0
v1.6.1
v1.6.2
v1.7.0
v1.8.0
v1.9.0
v1.9.1
v2.*
v2.0.0
v2.1.0
v2.10.0
v2.10.1
v2.10.10
v2.10.11
v2.10.12
v2.10.13
v2.10.14
v2.10.2
v2.10.3
v2.10.4
v2.10.5
v2.10.6
v2.10.7
v2.10.8
v2.10.9
v2.2.0
v2.3.0
v2.4.0
v2.4.1
v2.5.0
v2.6.0
v2.6.1
v2.7.0
v2.7.1
v2.8.0
v2.8.1
v2.9.0