SQL Injection Vulnerability in DataEase Data Visualization Platform
CVE-2025-62422
8.7HIGH
What is CVE-2025-62422?
DataEase is an open source data visualization and analytics platform that has a vulnerability in its /de2api/datasetData/tableField interface. In versions 2.10.13 and earlier, an SQL injection flaw allows attackers to manipulate the tableName parameter, potentially executing unauthorized SQL commands. This poses a significant risk to data integrity and security. The vulnerability is addressed in version 2.10.14, with no known workarounds available for affected versions.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
dataease < 2.10.14
References
CVSS V4
Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved