VYPR
Unrated severityNVD Advisory· Published Jul 2, 2025· Updated Jul 2, 2025

Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability

CVE-2025-53006

Description

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" with similar functionality. The difference lies in that "sslfactory" and related parameters need to be triggered after establishing the connection. Other similar parameters include "sslhostnameverifier", "sslpasswordcallback", and "authenticationPluginClassName". This issue has been patched in 2.10.11.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Dataease/Dataeasellm-fuzzy2 versions
    <2.10.11+ 1 more
    • (no CPE)range: <2.10.11
    • (no CPE)range: < 2.10.11

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.