Security Advisory

CVE-2025-49001

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-06-03 20:33:48
Last updated 2025-06-04 13:51:38
Assigner GitHub_M
State PUBLISHED

Description

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.10.10. No known workarounds are available.