Unrated severityNVD Advisory· Published Mar 13, 2025· Updated Mar 13, 2025
DataEase Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability
CVE-2025-24974
Description
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- github.com/dataease/dataease/security/advisories/GHSA-wmfp-mjf3-57f5mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.