CVE-2025-57772

High · Public PoC · RCE

Published: 25 August 2025

Modified: 03 September 2025
KEV Added
Patch
CVSS Score v4: 8.2 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0034 (57.2th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-57772 is a high-severity Code Injection (CWE-94) vulnerability in DataEase. Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 42.8% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-57772 is a remote code execution (RCE) vulnerability in DataEase, an open source business intelligence and data visualization tool. Affecting versions prior to 2.10.12, the issue stems from an H2 JDBC URL bypass in the application's JDBC handling. Specifically, if the JDBC URL meets certain criteria, the getJdbcUrl method returns the provided JdbcUrl parameter, circumventing H2's built-in filtering logic. This allows attackers to specify the H2 driver ("org.h2.Driver") for the JDBC connection, enabling arbitrary code execution. The vulnerability is classified under CWE-94 (Improper Control of Generation of Code) with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Unauthenticated attackers can exploit this vulnerability remotely over the network with low complexity and no user interaction required. By crafting a malicious JDBC URL that bypasses the filters, an attacker can establish a JDBC connection using the H2 driver, leading to full RCE on the DataEase server. Successful exploitation has a high impact on confidentiality, integrity, and availability, potentially allowing full system compromise.

The vulnerability has been fixed in DataEase version 2.10.12. Security practitioners should upgrade to this version or later. Additional details are available in the official GitHub security advisory (GHSA-v37q-vh67-9rqv) and the fixing commit (1644d81dff46272b09570fa1f4a8f83f01f37440).

Vulnerability details

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, there is an H2 JDBC RCE bypass in DataEase. If the JDBC URL meets criteria, the getJdbcUrl method is returned, which acts as the getter for the JdbcUrl parameter provided. This bypasses H2's filtering logic and returns the H2 JDBC URL, allowing the "driver":"org.h2.Driver" to specify the H2 driver for the JDBC connection. The vulnerability has been fixed in version 2.10.12.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

CVE-2025-57772 is an authenticated RCE vulnerability in the public-facing DataEase web application via a crafted POST to /de2api/datasource/validate, which bypasses H2 JDBC filtering to execute remote scripts using a spoofed 'oracle' type with an H2 driver and URL.
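
The mismatch described above (a declared 'oracle' type carrying the H2 driver and an H2 URL) can be rejected before any connection is attempted. The following is an added example, not DataEase's code or the upstream fix; the JSON field names type and jdbcUrl, the allowlist contents, and the sample bodies are assumptions constructed for illustration.

```python
import json

# Assumed allowlist: declared datasource type -> (driver classes, JDBC URL prefix).
# Extend it to the datasource types your deployment actually offers.
EXPECTED = {
    "oracle": ({"oracle.jdbc.OracleDriver", "oracle.jdbc.driver.OracleDriver"}, "jdbc:oracle:"),
    "mysql": ({"com.mysql.cj.jdbc.Driver"}, "jdbc:mysql:"),
}


def check_datasource(body: str) -> list[str]:
    """Return the reasons a datasource request is rejected (empty list = accept)."""
    try:
        cfg = json.loads(body)
    except ValueError:
        return ["body is not valid JSON"]
    if not isinstance(cfg, dict):
        return ["body is not a JSON object"]

    ds_type = str(cfg.get("type", "")).strip().lower()
    driver = str(cfg.get("driver", "")).strip()
    url = str(cfg.get("jdbcUrl", "")).strip().lower()

    if ds_type not in EXPECTED:
        return [f"datasource type {ds_type!r} is not on the allowlist"]
    drivers, prefix = EXPECTED[ds_type]
    reasons = []
    # A caller-supplied driver must be one that belongs to the declared type.
    if driver and driver not in drivers:
        reasons.append(f"driver {driver!r} does not match type {ds_type!r}")
    # The URL scheme must match too, whatever the driver field says.
    if url and not url.startswith(prefix):
        reasons.append(f"JDBC URL scheme does not match type {ds_type!r}")
    return reasons


# Constructed sample bodies (not captured traffic).
SAMPLES = [
    '{"type": "oracle", "driver": "oracle.jdbc.OracleDriver", "jdbcUrl": "jdbc:oracle:thin:@db.example.internal:1521/ORCL"}',
    '{"type": "oracle", "driver": "org.h2.Driver", "jdbcUrl": "jdbc:h2:mem:test"}',
    '{"type": "oracle", "jdbcUrl": "  JDBC:H2:mem:test"}',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_datasource(sample) or "accepted")
```

The same comparison works as a detection rule over logged request bodies: any datasource request whose driver or URL scheme disagrees with its declared type is worth an alert on unpatched instances.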

CVEs Like This One

CVE-2024-57707 (Same product: Dataease Dataease)
CVE-2025-64428 (Same product: Dataease Dataease)
CVE-2026-32140 (Same product: Dataease Dataease)
CVE-2024-56511 (Same product: Dataease Dataease)
CVE-2025-58748 (Same product: Dataease Dataease)
CVE-2026-33084 (Same product: Dataease Dataease)
CVE-2025-58045 (Same product: Dataease Dataease)
CVE-2025-58046 (Same product: Dataease Dataease)
CVE-2025-27138 (Same product: Dataease Dataease)
CVE-2025-57773 (Same product: Dataease Dataease)

Affected Assets

dataease
dataease
≤ 2.10.12

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly mitigates the H2 JDBC RCE by requiring identification, reporting, and timely patching to version 2.10.12 or later.

prevent

Prevents exploitation by enforcing validation of JDBC URL inputs to block bypasses of H2 filtering logic.

prevent, detect

Detects the specific CVE-2025-57772 vulnerability through regular scanning and drives remediation to prevent exploitation.