Unrated severityNVD Advisory· Published Nov 20, 2025· Updated Nov 21, 2025

DataEase DB2 JNDI Vulnerability

CVE-2025-64428

Description

Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbaname, and iiopname schemes. The vulnerability has been fixed in version 2.10.17.

Affected products

Dataease/Dataeasev5
Range: < 2.10.17

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/dataease/dataease/commit/b7e585c1cc3fc2b73cb289b8680b4b3914be3d53mitrex_refsource_MISC
github.com/dataease/dataease/releases/tag/v2.10.17mitrex_refsource_MISC
github.com/dataease/dataease/security/advisories/GHSA-88ph-3236-2m2hmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000