CVE-2025-53005
Published: 01 July 2025
Summary
CVE-2025-53005 is a high-severity Improper Neutralization of Substitution Characters (CWE-153) vulnerability in Dataease Dataease. Its CVSS base score is 8.9 (High).
Operationally, ranked in the top 34.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-19595
Vulnerability details
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue…
more
has been patched in version 2.10.11.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.