SB2025031349 - Multiple vulnerabilities in DataEase




Published: March 13, 2025 Updated: April 16, 2026

Security Bulletin ID: SB2025031349
Severity: Medium
Patch available: YES
Number of vulnerabilities: 3
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Medium 33%, Low 67%

Description

This security bulletin contains information about 3 security vulnerabilities.


1) Improper access control (CVE-ID: CVE-2025-27138)

The vulnerability allows a remote attacker to bypass authentication and access protected endpoints.

The vulnerability exists due to improper access control in the io.dataease.auth.filter.TokenFilter class when handling crafted request URLs. A remote attacker can send a specially crafted request whose path combines a whitelisted prefix with a URL-encoded path traversal sequence to bypass authentication and access protected endpoints.

Exploitation requires the application to be deployed with server.servlet.context-path configured.
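The bug class here is an authentication filter that matches its public-path whitelist against the raw request URI before the container has decoded and normalised it, so "/<context>/<public>/%2e%2e/<protected>" passes the prefix check but is routed to the protected handler. The following Python snippet is an added illustration of that pattern and its fix; it is not DataEase code, the context path "/dataease" and the whitelisted prefixes are assumed, and no real DataEase route names are used. The hardened version decodes to a fixed point (so double encoding is covered), normalises the path, and only then compares against the whitelist, treating anything that escapes the context path as protected.

```python
import posixpath
from urllib.parse import unquote

# Assumed deployment values, standing in for server.servlet.context-path and
# a filter's whitelist of public URL prefixes. Not DataEase's real configuration.
CONTEXT_PATH = "/dataease"
WHITELIST_PREFIXES = ("/login", "/static")


def naive_is_public(request_uri: str) -> bool:
    """Vulnerable pattern: prefix match on the raw, still-encoded URI.

    '/dataease/login/%2e%2e/api/users' starts with '/dataease/login', so it is
    treated as public, yet the servlet container resolves it to /dataease/api/users.
    """
    return any(request_uri.startswith(CONTEXT_PATH + p) for p in WHITELIST_PREFIXES)


def canonical_path(request_uri: str) -> str:
    """Decode to a fixed point, then normalise dot segments and slashes."""
    path = request_uri.split("?", 1)[0]          # drop the query string
    for _ in range(3):                           # bounded: %25 chains stop quickly
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")               # backslash is not a separator here
    path = posixpath.normpath("/" + path.lstrip("/"))  # collapses '..' and '//'
    return path


def hardened_is_public(request_uri: str) -> bool:
    """Default-deny: only an exact, canonical path under a whitelisted prefix is public."""
    path = canonical_path(request_uri)
    if not path.startswith(CONTEXT_PATH + "/"):
        return False                             # escaped the context path entirely
    rel = path[len(CONTEXT_PATH):]
    return any(rel == p or rel.startswith(p + "/") for p in WHITELIST_PREFIXES)


if __name__ == "__main__":
    probe = "/dataease/login/%2e%2e/api/users"   # constructed test input
    print("naive   :", naive_is_public(probe))    # True  (bypass)
    print("hardened:", hardened_is_public(probe)) # False (denied)
```

In a real Spring filter the same rule applies: make the allow/deny decision on the same canonical path the dispatcher will route on (for example the decoded servlet path after container normalisation), never on the raw request URI, and keep the filter default-deny so an unmatched path is protected rather than public.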


2) Improper input validation (CVE-ID: CVE-2025-27103)

The vulnerability allows a remote user to read arbitrary files.

The vulnerability exists due to improper input validation in the MySQL JDBC connection configuration when constructing and using JDBC connection strings with encoded connection parameters. A remote user can supply a specially crafted JDBC URL or extra connection parameters to read arbitrary files.

The issue is exploitable by an authenticated user through the background JDBC connection (data source) configuration; the upstream advisory states that the same vector also allows arbitrary file deserialization.


3) Improper input validation (CVE-ID: CVE-2025-24974)

The vulnerability allows a remote user to read and deserialize arbitrary files.

The vulnerability exists due to improper input validation in the MySQL JDBC connection parameter handling when processing user-supplied JDBC connection parameters. A remote user can supply crafted connection parameters to read and deserialize arbitrary files.

The issue affects the background JDBC connection (data source) functionality and, like the previous entry, requires an authenticated user.
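Vulnerabilities 2 and 3 are both the same hardening problem: a user who can edit a data source's JDBC URL or "extra parameters" is handing driver options straight to MySQL Connector/J, and a parameter filter that inspects the raw string can be slipped past with URL encoding. The Python below is an added example, not DataEase's fix, and the deny list is my own: allowLoadLocalInfile, allowUrlInLocalInfile, allowLoadLocalInfileInPath and autoDeserialize are real Connector/J options, dangerous because a malicious or attacker-pointed server can use them to make the client read local files or deserialize result bytes. The validator decodes parameter names to a fixed point before comparing; the builder shows the stronger design of never accepting a raw URL at all and forwarding only allow-listed keys.

```python
from urllib.parse import parse_qsl, quote, unquote

# Connector/J options that a user must never control (assumed deny list,
# compared case-insensitively after full decoding).
DANGEROUS_PARAMS = {
    "allowloadlocalinfile",        # client-side LOAD DATA LOCAL INFILE
    "allowurlinlocalinfile",       # ... with URLs as the file source
    "allowloadlocalinfileinpath",  # ... restricted to a path, still a file read
    "autodeserialize",             # Java deserialization of BLOB columns
}

# Options the builder is willing to forward (assumed allow list).
ALLOWED_PARAMS = {"useSSL", "serverTimezone", "characterEncoding", "connectTimeout"}


def _decode_fully(value: str, rounds: int = 3) -> str:
    """Undo nested percent-encoding (%2561 -> %61 -> a) with a bounded loop."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            return decoded
        value = decoded
    return value


def find_dangerous_params(query: str) -> list:
    """Return the normalised names of forbidden parameters found in a query string."""
    found = []
    for key, _ in parse_qsl(query, keep_blank_values=True):
        name = _decode_fully(key).strip().lower()
        if name in DANGEROUS_PARAMS:
            found.append(name)
    return found


def validate_jdbc_url(url: str, extra_params: str = "") -> tuple:
    """Deny-list check over a user-supplied JDBC URL plus an extra-parameters field.

    Assumes the extra-parameters field is '&'-separated key=value text.
    """
    if not url.lower().startswith("jdbc:mysql://"):
        return False, "unexpected JDBC scheme"
    query = url.split("?", 1)[1] if "?" in url else ""
    bad = find_dangerous_params(query) + find_dangerous_params(extra_params)
    if bad:
        return False, "forbidden parameter(s): " + ", ".join(sorted(set(bad)))
    return True, "ok"


def build_safe_url(host: str, port: int, database: str, params: dict) -> str:
    """Preferred design: construct the URL from structured fields and forward
    only allow-listed options, so unknown driver switches are dropped, not checked.
    Host validation (e.g. against an internal allow list) is out of scope here.
    """
    kept = {k: v for k, v in params.items() if k in ALLOWED_PARAMS}
    query = "&".join(f"{k}={quote(str(v), safe='')}" for k, v in kept.items())
    base = f"jdbc:mysql://{host}:{int(port)}/{quote(database, safe='')}"
    return base + (f"?{query}" if query else "")


if __name__ == "__main__":
    # Constructed inputs: an encoded name that a naive substring check would miss.
    print(validate_jdbc_url("jdbc:mysql://db:3306/app?%2561utoDeserialize=true"))
    print(build_safe_url("db", 3306, "app", {"useSSL": "true", "autoDeserialize": "true"}))
```

A deny list is only a backstop: new driver versions add options, and the driver may accept names in forms the filter does not anticipate. The durable fix is the builder pattern, where the application owns the URL and the user only supplies host, port, database and a handful of vetted options.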


Remediation

Install the update from the vendor's website.