CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Dataease: >> Dataease >> 2.10.16 Security Vulnerabilities

CVE-2025-64428

Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbaname, and iiopname schemes. The vulnerability has been fixed in version 2.10.17.

CVSS Score

9.8

EPSS Score

0.001

Published

2025-11-20

Page 1

Vulnerabilities

Vulnerable Software

Dataease: >> Dataease >> 2.10.16 Security Vulnerabilities

Products

Pricing

Contact Us