Vulnerabilities > CVE-2025-24974 - Missing Authorization vulnerability in Dataease

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

dataease

CWE-862

NVD

Published: 2025-03-13

Updated: 2025-03-21

Summary

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available.

Vulnerable Configurations

Part	Description	Count
Application	Dataease Dataease Dataease - Dataease Dataease 1.0.0 Dataease Dataease 1.0.1 Dataease Dataease 1.0.2 Dataease Dataease 1.1.0 Dataease Dataease 1.1.1 Dataease Dataease 1.2.0 Dataease Dataease 1.2.1 Dataease Dataease 1.2.2 Dataease Dataease 1.2.3 Dataease Dataease 1.3.0 Dataease Dataease 1.4.0 Dataease Dataease 1.4.1 Dataease Dataease 1.5.0 Dataease Dataease 1.5.1 Dataease Dataease 1.5.2 Dataease Dataease 1.6.0 Dataease Dataease 1.6.1 Dataease Dataease 1.6.2 Dataease Dataease 1.7.0 Dataease Dataease 1.8.0 Dataease Dataease 1.9.0 Dataease Dataease 1.9.1 Dataease Dataease 1.10.0 Dataease Dataease 1.11.0 Dataease Dataease 1.11.1 Dataease Dataease 1.11.2 Dataease Dataease 1.11.3 Dataease Dataease 1.12.0 Dataease Dataease 1.13.0 Dataease Dataease 1.13.1 Dataease Dataease 1.14.0 Dataease Dataease 1.15.0 Dataease Dataease 1.15.1 Dataease Dataease 1.15.2 Dataease Dataease 1.15.3 Dataease Dataease 1.15.4 Dataease Dataease 1.16.0 Dataease Dataease 1.16.1 Dataease Dataease 1.17.0 Dataease Dataease 1.17.1 Dataease Dataease 1.18.0 Dataease Dataease 1.18.1 Dataease Dataease 1.18.2 Dataease Dataease 1.18.3 Dataease Dataease 1.18.4 Dataease Dataease 1.18.5 Dataease Dataease 1.18.6 Dataease Dataease 1.18.7 Dataease Dataease 1.18.8 Dataease Dataease 1.18.9 Dataease Dataease 1.18.10 Dataease Dataease 1.18.11 Dataease Dataease 1.18.12 Dataease Dataease 1.18.13 Dataease Dataease 1.18.14 Dataease Dataease 1.18.15 Dataease Dataease 1.18.16 Dataease Dataease 1.18.17 Dataease Dataease 1.18.18 Dataease Dataease 1.18.19 Dataease Dataease 1.18.20 Dataease Dataease 1.18.21 Dataease Dataease 1.18.22 Dataease Dataease 1.18.23 Dataease Dataease 1.18.24 Dataease Dataease 1.18.25 Dataease Dataease 1.18.26 Dataease Dataease 1.18.27 Dataease Dataease 2.0.0 Dataease Dataease 2.1.0 Dataease Dataease 2.2.0 Dataease Dataease 2.3.0 Dataease Dataease 2.4.0 Dataease Dataease 2.4.1 Dataease Dataease 2.5.0 Dataease Dataease 2.6.0 Dataease Dataease 2.6.1 Dataease Dataease 2.7.0 Dataease Dataease 2.7.1 Dataease Dataease 2.8.0 Dataease Dataease 2.8.1 Dataease Dataease 2.9.0 Dataease Dataease 2.10.0 Dataease Dataease 2.10.1 Dataease Dataease 2.10.2 Dataease Dataease 2.10.3 Dataease Dataease 2.10.4	94

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://github.com/dataease/dataease/security/advisories/GHSA-wmfp-mjf3-57f5