CVE-2025-53004

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-53004
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has been patched in version 2.10.11.

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/dataease/dataease/security/advisories/GHSA-mfg2-qr5c-99pp Exploit Vendor Advisory
https://github.com/dataease/dataease/security/advisories/GHSA-mfg2-qr5c-99pp Exploit Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*
History

10 Jul 2025, 13:42

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*
First Time Dataease
Dataease dataease
References () https://github.com/dataease/dataease/security/advisories/GHSA-mfg2-qr5c-99pp - () https://github.com/dataease/dataease/security/advisories/GHSA-mfg2-qr5c-99pp - Exploit, Vendor Advisory

01 Jul 2025, 01:15

Type Values Removed Values Added
Summary DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, the sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has been patched in version 2.10.11. DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has been patched in version 2.10.11.
References
  • {'url': 'https://github.com/dataease/dataease/commit/dd35752f298b1a4079d9993b622220d321b0c8a6', 'name': 'https://github.com/dataease/dataease/commit/dd35752f298b1a4079d9993b622220d321b0c8a6', 'tags': [], 'refsource': ''}
CWE CWE-287 CWE-153

30 Jun 2025, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-06-30 21:15

Updated : 2025-07-10 13:42

NVD link : CVE-2025-53004

Mitre link : CVE-2025-53004

JSON object : View

Products Affected

dataease

  • dataease
CWE
CWE-153

Improper Neutralization of Substitution Characters