VYPR
Unrated severityNVD Advisory· Published Jun 3, 2025· Updated Jun 4, 2025

Dataease H2 Database Remote Code Execution (RCE) Bypass Vulnerability

CVE-2025-49002

Description

DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in v2.10.10. No known workarounds are available.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Dataease/Dataeasellm-fuzzy2 versions
    <2.10.10+ 1 more
    • (no CPE)range: <2.10.10
    • (no CPE)range: < 2.10.10

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.