VYPR
Unrated severityNVD Advisory· Published Oct 17, 2025· Updated Oct 17, 2025

DataEase SQL injection vulnerability

CVE-2025-62422

Description

DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tableField interface is vulnerable to SQL injection. An attacker can construct a malicious tableName parameter to execute arbitrary SQL commands. This issue is fixed in version 2.10.14. No known workarounds exist.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Dataease/Dataeasellm-fuzzy2 versions
    <=2.10.13+ 1 more
    • (no CPE)range: <=2.10.13
    • (no CPE)range: < 2.10.14

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.