Unrated severityNVD Advisory· Published Nov 6, 2025· Updated Nov 6, 2025
DataEase is vulnerable to Oracle JNDI Injection
CVE-2025-64164
Description
Dataease is an open source data visualization analysis tool. In versions 2.10.14 and below, DataEase did not properly filter when establishing JDBC connections to Oracle, resulting in a risk of JNDI injection (Java Naming and Directory Interface injection). This issue is fixed in version 2.10.15.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- github.com/dataease/dataease/commit/7b68eb3dfccbbd12ec977e6320dbd3e32a7bbfe6mitrex_refsource_MISC
- github.com/dataease/dataease/releases/tag/v2.10.15mitrex_refsource_MISC
- github.com/dataease/dataease/security/advisories/GHSA-q754-4pc2-wjqwmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.