JNDI Injection Vulnerability in Dataease Open Source Data Visualization Tool

CVE-2025-64428

What is CVE-2025-64428?

Dataease, an open source data visualization analysis tool, is susceptible to JNDI injection in versions prior to 2.10.17. Although a blacklist was introduced in version 2.10.14, attackers can still exploit vulnerabilities through specific schemes such as iiop, corbaname, and iiopname. The vulnerability was addressed in the subsequent release of version 2.10.17, which mitigates these risks. It is essential for users to update to this version to safeguard against potential threats posed by this vulnerability.

References