Vulnerability Database

308,926

Total vulnerabilities in the database

CVE-2025-64164

Dataease is an open source data visualization analysis tool. In versions 2.10.14 and below, DataEase did not properly filter when establishing JDBC connections to Oracle, resulting in a risk of JNDI injection (Java Naming and Directory Interface injection). This issue is fixed in version 2.10.15.

  • Published: Nov 6, 2025
  • Updated: Nov 8, 2025
  • CVE: CVE-2025-64164
  • Severity: Critical
  • Exploit:

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

OWASP TOP 10:

Software From Fixed in
dataease / dataease - 2.10.15