CVE-2025-53005
CRITICALDescription
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has been patched in version 2.10.11.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| dataease | dataease |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-53005? +
How severe is CVE-2025-53005? +
What products are affected by CVE-2025-53005? +
How do I check if I'm vulnerable to CVE-2025-53005? +
Related Vulnerabilities
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take …
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability …
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, …
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 …
DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.8, authenticated users can complete RCE through the …
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take …