SSRF Vulnerability in DataEase Data Visualization Tool
CVE-2025-64163

8.9HIGH

Key Information:

Vendor

Dataease

Status
Dataease
Vendor
CVE Published:
5 November 2025

What is CVE-2025-64163?

DataEase is an open-source data visualization analysis tool that, in versions up to 2.10.14, lacked proper protection against the dns:// protocol, leading to a Server-Side Request Forgery (SSRF) vulnerability. This flaw arises due to the addition of a blacklist filtering ldap:// and ldaps:// but neglects to secure against dns://. Users should upgrade to version 2.10.15 or later to mitigate this risk effectively.

Affected Version(s)

dataease < 2.10.15

References

https://github.com/dataease/dataease/security/advisories/...
x_refsource_CONFIRM
https://github.com/dataease/dataease/commit/869b7fb8b1006...
x_refsource_MISC
https://github.com/dataease/dataease/releases/tag/v2.10.15
x_refsource_MISC

CVSS V4

Score:
8.9
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.