Unrated severityNVD Advisory· Published Nov 6, 2025· Updated Nov 6, 2025

DataEase is vulnerable to Oracle JNDI Injection

CVE-2025-64164

Description

Dataease is an open source data visualization analysis tool. In versions 2.10.14 and below, DataEase did not properly filter when establishing JDBC connections to Oracle, resulting in a risk of JNDI injection (Java Naming and Directory Interface injection). This issue is fixed in version 2.10.15.

Affected products

Dataease/Dataeasev5
Range: < 2.10.15

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/dataease/dataease/commit/7b68eb3dfccbbd12ec977e6320dbd3e32a7bbfe6mitrex_refsource_MISC
github.com/dataease/dataease/releases/tag/v2.10.15mitrex_refsource_MISC
github.com/dataease/dataease/security/advisories/GHSA-q754-4pc2-wjqwmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000