Remote Code Execution Vulnerability in DataEase by DataEase Developers
CVE-2025-32966

8.2 HIGH

Key Information:

Vendor

Dataease

Status
Vendor
CVE Published: 23 April 2025

What is CVE-2025-32966?

A remote code execution (RCE) vulnerability was identified in DataEase, an open-source business intelligence tool that serves as an alternative to Tableau. It allows authenticated users to execute unauthorized code through a compromised JDBC link in the backend, impacting the security of the application. The issue is fixed in version 2.10.8; users should upgrade to that version to mitigate the risk.

Affected Version(s)

dataease < 2.10.8

CVSS V4

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
