CVE-2025-49002 · CRITICAL 9.8 · EPSS p98.5%

Description

DataEase is an open source business intelligence and data visualization tool. Versions prior to 2.10.10 have a flaw in the patch for CVE-2025-32966 that allows the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in v2.10.10. No known workarounds are available.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 40.27% probability of exploitation · percentile 98.5% · 2026-06-18T12:00:27Z
Published: 2025-06-03
Last modified: 2025-06-05

Underlying weaknesses · 1

CWE-290

References

  1. https://github.com/dataease/dataease/security/advisories/GHSA-999m-jv2p-5h34
  2. https://github.com/dataease/dataease/security/advisories/GHSA-h7hj-4j78-cvc7

Type: Weakness · Target: Authentication Bypass by Spoofing (cwe-290) · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-48999
  2. CVE-2025-48998
  3. CVE-2025-32966
  4. CVE-2025-46566
  5. CVE-2025-49003
  6. CVE-2026-40900

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.