CVE-2025-48998 · HIGH 8.8 · EPSS p34.1%

Description

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. No known workarounds are available.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.43% probability of exploitation · percentile 34.1% · 2026-06-19T12:03:05Z
Published: 2025-06-03
Last modified: 2025-06-09

Underlying weaknesses · 2

CWE-89, CWE-862

References

  1. https://github.com/dataease/dataease/security/advisories/GHSA-2wfc-qwx7-w692
  2. https://github.com/dataease/dataease/security/advisories/GHSA-v4gg-8rp3-ccjx

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Missing Authorization (cwe-862) | 0% | live |
| Weakness | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (cwe-89) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-48999
  2. CVE-2025-46566
  3. CVE-2025-32966
  4. CVE-2025-27138
  5. CVE-2025-57772
  6. CVE-2025-57773

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.