VYPR
Unrated severityNVD Advisory· Published Nov 5, 2025· Updated Nov 6, 2025

DataEase's DB2 is vulnerable to SSRF

CVE-2025-64163

Description

DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to filter ldap:// and ldaps://. However, omission of protection for the dns:// protocol results in an SSRF vulnerability. This issue is fixed in version 2.10.15.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Dataease/Dataeasellm-fuzzy2 versions
    <=2.10.14+ 1 more
    • (no CPE)range: <=2.10.14
    • (no CPE)range: < 2.10.15

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.