CVE-2025-58748

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-58748
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-58748.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-58748
Aliases
  • GHSA-23qw-9qrh-9rr8
Published
2025-09-15T17:15:35Z
Modified
2025-09-17T06:06:19.790145Z
Summary
[none]
Details

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation (H2.java) does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon Redshift driver and leverages the socketFactory and socketFactoryArg parameters to invoke org.springframework.context.support.FileSystemXmlApplicationContext or ClassPathXmlApplicationContext with an attacker‑controlled remote XML resource, resulting in remote code execution. Versions up to and including 2.10.12 are affected. The issue is fixed in version 2.10.13. Updating to version 2.10.13 or later is the recommended remediation. No known workarounds exist.

References

Affected packages

Git / github.com/dataease/dataease

Affected ranges

Type
GIT
Repo
https://github.com/dataease/dataease
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
23a45e72a7abc37d5680b0a7cf691b8df378d4ef

Affected versions

v1.*

v1.0.0
v1.0.0-rc1
v1.0.0-rc2
v1.11.0
v1.11.1
v1.2.0
v1.3.0
v1.5.0
v1.5.1
v1.5.2
v1.6.0
v1.8.0
v1.9.0

v2.*

v2.2.0
v2.3.0
v2.4.0
v2.6.0
v2.9.0

Database specific 

{
    "vanir_signatures": [
        {
            "target": {
                "file": "core/core-backend/src/main/java/io/dataease/datasource/type/H2.java",
                "function": "getJdbc"
            },
            "digest": {
                "function_hash": "316497578629931690602600318534919935826",
                "length": 236.0
            },
            "signature_type": "Function",
            "source": "https://github.com/dataease/dataease/commit/23a45e72a7abc37d5680b0a7cf691b8df378d4ef",
            "deprecated": false,
            "id": "CVE-2025-58748-3b90545d",
            "signature_version": "v1"
        },
        {
            "target": {
                "file": "core/core-backend/src/main/java/io/dataease/datasource/type/H2.java"
            },
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "172740309925405847267858894130616441980",
                    "333487707478739931352209523162417589534",
                    "81990414826698050434964333228918287843"
                ]
            },
            "signature_type": "Line",
            "source": "https://github.com/dataease/dataease/commit/23a45e72a7abc37d5680b0a7cf691b8df378d4ef",
            "deprecated": false,
            "id": "CVE-2025-58748-575a5533",
            "signature_version": "v1"
        }
    ]
}