Vulnerability Database

308,926

Total vulnerabilities in the database

CVE-2025-64163

DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to filter ldap:// and ldaps://. However, omission of protection for the dns:// protocol results in an SSRF vulnerability. This issue is fixed in version 2.10.15.

Published: Nov 6, 2025
Updated: Nov 8, 2025
CVE: CVE-2025-64163
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
dataease / dataease	-	2.10.15

https://github.com/dataease/dataease/commit/869b7fb8b10069ac6c326554bfa8f060a539ba85
https://github.com/dataease/dataease/releases/tag/v2.10.15
https://github.com/dataease/dataease/security/advisories/GHSA-8397-v66p-539m

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo