6 matches found
CVE-2025-27103
creationtimestamp| type| source ---|---|--- 2025-03-13 19:48:26+00:00| seen| https://t.me/cvedetector/20246...
CVE-2025-27103
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. ...
CVE-2025-27103 Dataease Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. ...
CVE-2025-27103 Dataease Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. ...
CVE-2025-27103
Summary (CVE-2025-27103) DataEase (open source BI tool) prior to v2.10.6 is affected by a bypass of the patch for CVE-2024-55953 that allows authenticated users to read and deserialize arbitrary files via the background JDBC connection. The issue arises from the unfiltered JDBC connection string ...
CVE-2025-27103 Dataease Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. ...