CVE-2025-49002

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-49002

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-49002.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-49002

Related

GHSA-999m-jv2p-5h34
GHSA-h7hj-4j78-cvc7

Published

2025-06-03T21:15:22Z

Modified

2025-06-06T03:48:15.782985Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in v2.10.10. No known workarounds are available.

References

Affected packages

Git / github.com/dataease/dataease

Affected ranges

Type: GIT
Repo: https://github.com/dataease/dataease
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3b8f018abb6d3846a7ebb694bbe5cbf35a932104

Affected versions

v1.*

v1.0.0

v1.0.0-rc1

v1.0.0-rc2

v1.11.0

v1.11.1

v1.2.0

v1.3.0

v1.5.0

v1.5.1

v1.5.2

v1.6.0

v1.8.0

v1.9.0

v2.*

v2.10.0

v2.10.1

v2.10.2

v2.10.3

v2.10.4

v2.10.5

v2.10.6

v2.10.7

v2.10.8

v2.10.9

v2.2.0

v2.3.0

v2.4.0

v2.6.0

v2.9.0