CVE-2025-64428
- Source
- https://cve.org/CVERecord?id=CVE-2025-64428
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64428.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-64428
- Aliases
-
- GHSA-88ph-3236-2m2h
- Published
- 2025-11-20T17:07:00.575Z
- Modified
- 2026-04-02T12:59:19.313473Z
- Severity
-
- 8.9 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P CVSS Calculator
- Summary
- DataEase DB2 JNDI Vulnerability
- Details
-
Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbaname, and iiopname schemes. The vulnerability has been fixed in version 2.10.17.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64428.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-74" ] }- References
-
- https://github.com/dataease/dataease/releases/tag/v2.10.17
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64428.json
- https://github.com/dataease/dataease/security/advisories/GHSA-88ph-3236-2m2h
- https://nvd.nist.gov/vuln/detail/CVE-2025-64428
- https://github.com/dataease/dataease/commit/b7e585c1cc3fc2b73cb289b8680b4b3914be3d53
Affected packages
Git / github.com/dataease/dataease
Affected ranges
- Type
- GIT
- Repo
- https://github.com/dataease/dataease
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.0.0
v1.0.0-rc1
v1.0.0-rc2
v1.0.1
v1.0.2
v1.1.0
v1.1.1
v1.10.0
v1.11.0
v1.11.1
v1.11.2
v1.11.3
v1.12.0
v1.13.0
v1.13.1
v1.14.0
v1.15.0
v1.15.1
v1.15.2
v1.15.3
v1.15.4
v1.16.0
v1.16.1
v1.17.0
v1.17.1
v1.18.0
v1.18.1
v1.18.10
v1.18.11
v1.18.12
v1.18.13
v1.18.14
v1.18.15
v1.18.16
v1.18.17
v1.18.18
v1.18.19
v1.18.2
v1.18.20
v1.18.21
v1.18.22
v1.18.23
v1.18.24
v1.18.25
v1.18.26
v1.18.27
v1.18.3
v1.18.4
v1.18.5
v1.18.6
v1.18.7
v1.18.8
v1.18.9
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.3.0
v1.4.0
v1.4.1
v1.5.0
v1.5.1
v1.5.2
v1.6.0
v1.6.1
v1.6.2
v1.7.0
v1.8.0
v1.9.0
v1.9.1
v2.*
v2.0.0
v2.1.0
v2.10.0
v2.10.1
v2.10.10
v2.10.11
v2.10.12
v2.10.13
v2.10.14
v2.10.15
v2.10.16
v2.10.2
v2.10.3
v2.10.4
v2.10.5
v2.10.6
v2.10.7
v2.10.8
v2.10.9
v2.2.0
v2.3.0
v2.4.0
v2.4.1
v2.5.0
v2.6.0
v2.6.1
v2.7.0
v2.7.1
v2.8.0
v2.8.1
v2.9.0