VYPR
Unrated severityNVD Advisory· Published Nov 6, 2025· Updated Nov 6, 2025

DataEase is vulnerable to Oracle JNDI Injection

CVE-2025-64164

Description

Dataease is an open source data visualization analysis tool. In versions 2.10.14 and below, DataEase did not properly filter when establishing JDBC connections to Oracle, resulting in a risk of JNDI injection (Java Naming and Directory Interface injection). This issue is fixed in version 2.10.15.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Dataease/Dataeasellm-fuzzy2 versions
    <=2.10.14+ 1 more
    • (no CPE)range: <=2.10.14
    • (no CPE)range: < 2.10.15

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.