Unrated severityNVD Advisory· Published Nov 20, 2025· Updated Nov 21, 2025
DataEase DB2 JNDI Vulnerability
CVE-2025-64428
Description
Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbaname, and iiopname schemes. The vulnerability has been fixed in version 2.10.17.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- github.com/dataease/dataease/commit/b7e585c1cc3fc2b73cb289b8680b4b3914be3d53mitrex_refsource_MISC
- github.com/dataease/dataease/releases/tag/v2.10.17mitrex_refsource_MISC
- github.com/dataease/dataease/security/advisories/GHSA-88ph-3236-2m2hmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.