CVE-2025-53006 · CRITICAL 9.8 · EPSS p41.2%

Description

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg", which have similar functionality. The difference is that "sslfactory" and its related parameters are triggered after the connection is established. Other similar parameters include "sslhostnameverifier", "sslpasswordcallback", and "authenticationPluginClassName". This issue has been patched in version 2.10.11.
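
As an added example (not DataEase's patch and not code from the advisory), the Java check below reports any of the parameters named in the description that appear in a JDBC URL, comparing names case-insensitively after percent-decoding. In the PostgreSQL JDBC driver each of these parameters names a class for the driver to load, or the argument passed to it, which is why they should not come from user-supplied data source settings. Assumptions: parameters begin at the first '?' or ';' and are separated by '&' or ';'; the names JdbcParamCheck and blockedParams and the sample hosts and class names are constructed for illustration.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class JdbcParamCheck {
    // Names from the CVE description, lower-cased for case-insensitive matching.
    static final Set<String> BLOCKED = Set.of(
            "socketfactory", "socketfactoryarg", "sslfactory", "sslfactoryarg",
            "sslhostnameverifier", "sslpasswordcallback", "authenticationpluginclassname");

    /** Returns the blocked parameter names present in a JDBC URL (empty list = none found). */
    static List<String> blockedParams(String jdbcUrl) {
        List<String> hits = new ArrayList<>();
        // Assumption: parameters start at the first '?' or ';' and are separated by '&' or ';'.
        int start = -1;
        for (int i = 0; i < jdbcUrl.length() && start < 0; i++) {
            char c = jdbcUrl.charAt(i);
            if (c == '?' || c == ';') start = i + 1;
        }
        if (start < 0) return hits;
        for (String pair : jdbcUrl.substring(start).split("[&;]")) {
            int eq = pair.indexOf('=');
            String rawName = eq < 0 ? pair : pair.substring(0, eq);
            try {
                // Normalise percent-encoding, whitespace and case before comparing.
                String name = URLDecoder.decode(rawName, StandardCharsets.UTF_8)
                        .trim().toLowerCase(Locale.ROOT);
                if (BLOCKED.contains(name)) hits.add(name);
            } catch (IllegalArgumentException e) {
                hits.add("<malformed:" + rawName + ">"); // undecodable name: treat as a finding
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        // Constructed sample URLs; hosts, database and class names are placeholders.
        String[] samples = {
            "jdbc:postgresql://db.example.internal:5432/bi?ssl=true&connectTimeout=10",
            "jdbc:postgresql://db.example.internal:5432/bi?SSLFactory=com.example.Placeholder&sslfactoryarg=x",
            "jdbc:redshift://rs.example.internal:5439/bi;ssl=true;sslhostnameverifier=com.example.Placeholder",
        };
        for (String url : samples) {
            List<String> hits = blockedParams(url);
            System.out.println((hits.isEmpty() ? "ALLOW " : "REJECT " + hits + " ") + url);
        }
    }
}
```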

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.54% probability of exploitation · percentile 41.2% · 2026-06-19T12:03:05Z
Published: 2025-07-02
Last modified: 2025-07-10

Underlying weaknesses · 1

CWE-153

References

  1. https://github.com/dataease/dataease/security/advisories/GHSA-q726-5pr9-x7gm

Type: Weakness
Target: Improper Neutralization of Substitution Characters (cwe-153)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-53004
CVE: CVE-2025-53005
CVE: CVE-2025-48999
CVE: CVE-2025-27138
CVE: CVE-2025-48998
CVE: CVE-2025-64163

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.