CVE-2025-53004
CRITICALDescription
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has been patched in version 2.10.11.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| dataease | dataease |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-53004? +
How severe is CVE-2025-53004? +
What products are affected by CVE-2025-53004? +
How do I check if I'm vulnerable to CVE-2025-53004? +
Related Vulnerabilities
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take …
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability …
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, …
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 …
DataEase is an open source data visualization analysis tool. In Dataease, the PostgreSQL data source in the data source function …
DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to …