DataEase Business Intelligence Tool Vulnerability in Open Source Software
CVE-2025-49002

8.2HIGH

Key Information:

Vendor

Dataease

Status
Dataease
Vendor
CVE Published:
3 June 2025

What is CVE-2025-49002?

The DataEase business intelligence and data visualization tool has a security flaw in versions prior to 2.10.10, stemming from an inadequate patch related to a previous vulnerability (CVE-2025-32966). This flaw allows attackers to bypass security measures due to case insensitivity in certain commands. Specifically, the commands INIT and RUNSCRIPT are disabled, but the flawed patch does not adequately prevent exploitation. As a result, no known workarounds exist to mitigate this issue, making it crucial for users to upgrade to the fixed version.

Affected Version(s)

dataease < 2.10.10

References

https://github.com/dataease/dataease/security/advisories/...
x_refsource_CONFIRM
https://github.com/dataease/dataease/security/advisories/...
x_refsource_MISC

CVSS V4

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.