Main Vulnerability Database Vulnerabilities #VU126335

#VU126335 Improper input validation in DataEase - CVE-2025-24974

Published: March 13, 2025 / Updated: April 16, 2026

Vulnerability identifier: #VU126335

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-24974

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
DataEase

Software vendor:
DataEase

Description

The vulnerability allows a remote user to read and deserialize arbitrary files.

The vulnerability exists due to improper input validation in the Mysql JDBC connection parameter handling when processing user-supplied JDBC connection parameters. A remote user can supply crafted connection parameters to read and deserialize arbitrary files.

The issue affects the background JDBC connection functionality.

Remediation

Install security update from vendor's website.

External links

https://github.com/dataease/dataease/security/advisories/GHSA-wmfp-mjf3-57f5

#VU126335 Improper input validation in DataEase - CVE-2025-24974

Description

Remediation

External links

Please verify you're human