Vulnerability Description
DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dataease | Dataease | < 2.10.9 |
Related Weaknesses (CWE)
References
- https://github.com/dataease/dataease/security/advisories/GHSA-hxw4-vpfp-frgvExploitVendor Advisory
- https://github.com/dataease/dataease/security/advisories/GHSA-hxw4-vpfp-frgvExploitVendor Advisory
FAQ
What is CVE-2025-46566?
CVE-2025-46566 is a vulnerability with a CVSS score of 9.8 (CRITICAL). DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9.
How severe is CVE-2025-46566?
CVE-2025-46566 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-46566?
Check the references section above for vendor advisories and patch information. Affected products include: Dataease Dataease.