VYPR
Unrated severityNVD Advisory· Published Mar 13, 2025· Updated Mar 13, 2025

DataEase Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability

CVE-2025-24974

Description

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Dataease/Dataeasellm-fuzzy2 versions
    <=2.10.6+ 1 more
    • (no CPE)range: <=2.10.6
    • (no CPE)range: < 2.10.6

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.