Security Advisory

CVE-2025-64163

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-05 23:52:05
Last updated 2025-11-06 21:18:12
Assigner GitHub_M
State PUBLISHED

Description

DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to filter ldap:// and ldaps://. However, omission of protection for the dns:// protocol results in an SSRF vulnerability. This issue is fixed in version 2.10.15.