VYPR
Unrated severityNVD Advisory· Published Nov 20, 2025· Updated Nov 21, 2025

DataEase DB2 JNDI Vulnerability

CVE-2025-64428

Description

Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbaname, and iiopname schemes. The vulnerability has been fixed in version 2.10.17.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Dataease/Dataeasellm-fuzzy2 versions
    >=2.10.14 <2.10.17+ 1 more
    • (no CPE)range: >=2.10.14 <2.10.17
    • (no CPE)range: < 2.10.17

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.

CVE-2025-64428 · VYPR