Security Advisory

CVE-2025-64428

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-20 17:07:00

Last updated 2025-11-21 16:18:57

Assigner GitHub_M

State PUBLISHED

Description

Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbaname, and iiopname schemes. The vulnerability has been fixed in version 2.10.17.

← Browse all CVEs View on cve.org ↗