Improper input validation in DataEase - CVE-2025-48998

 


Published: April 16, 2026


Vulnerability identifier: #VU126339
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-48998
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: DataEase
Affected software: DataEase

Detailed vulnerability description

The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper input validation in the JDBC connection string construction logic when handling datasource validation requests. A remote user can supply a specially crafted host value to inject malicious JDBC parameters and disclose sensitive information.

The issue affects the MySQL datasource configuration path when urlType is set to hostName.
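The following added example shows one way to allowlist the host field before it is concatenated into a MySQL JDBC URL, so that nothing in the host value can introduce extra URL components or driver parameters. It is not DataEase code or the vendor's patch; the class name `JdbcHostCheck`, the method `buildMysqlUrl` and all sample inputs are hypothetical.

```java
import java.util.regex.Pattern;

// Added illustration; class and method names are hypothetical, not DataEase code.
public class JdbcHostCheck {
    // Allowlist: DNS hostname labels or IPv4 literals only (letters, digits, '-', '.').
    // Characters that could end the authority part of a URL or start a parameter
    // ('/', '?', '&', '#', ':', '@', ',', '(', ')', '%', whitespace) never match.
    private static final Pattern HOST = Pattern.compile(
        "^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
        + "(\\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$");

    static String buildMysqlUrl(String host, int port, String database) {
        if (host == null || !HOST.matcher(host).matches()) {
            throw new IllegalArgumentException("rejected host value");
        }
        if (port < 1 || port > 65535) {
            throw new IllegalArgumentException("rejected port value");
        }
        if (database == null || !database.matches("[A-Za-z0-9_$]{1,64}")) {
            throw new IllegalArgumentException("rejected database name");
        }
        // Only validated components reach the URL; driver parameters are never
        // taken from the host field.
        return "jdbc:mysql://" + host + ":" + port + "/" + database;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: two plain hosts, then values that try to
        // append a path, query string or fragment through the host field.
        String[] hosts = {
            "db01.example.internal",
            "192.0.2.10",
            "db01.example.internal:3306/app?injectedParam=value#",
            "db01.example.internal/app?x=1&y=2",
            "",
        };
        for (String h : hosts) {
            try {
                System.out.println("OK   " + buildMysqlUrl(h, 3306, "app"));
            } catch (IllegalArgumentException e) {
                System.out.println("DENY \"" + h + "\" (" + e.getMessage() + ")");
            }
        }
    }
}
```

The validator rejects rather than escapes, because a value that needs escaping to fit in the host position is not a hostname.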


How to mitigate CVE-2025-48998

Install the security update from the vendor's website.
