CVE-2025-64428

216.73.217.22

· Published 20/11/2025 17:15 · Modified 24/11/2025 14:21

Labels: CVE-2025-64428 2025-11-20 CVE-2025-64428 CWE-74 [email protected]

Essential information

Published: 20/11/2025 17:15
Modified: 24/11/2025 14:21
Author: —
Creator: —
CVSS: 8.9 HIGH (v3) 8.9 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbaname, and iiopname schemes. The vulnerability has been fixed in version 2.10.17.

NVD status

Status: Analyzed — CVE has had analysis completed and all data associations made.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
dataease / dataease	`cpe:2.3:a:dataease:dataease::::::::`