Vulnerability Description
Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation (H2.java) does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon Redshift driver and leverages the socketFactory and socketFactoryArg parameters to invoke org.springframework.context.support.FileSystemXmlApplicationContext or ClassPathXmlApplicationContext with an attacker‑controlled remote XML resource, resulting in remote code execution. Versions up to and including 2.10.12 are affected. The issue is fixed in version 2.10.13. Updating to version 2.10.13 or later is the recommended remediation. No known workarounds exist.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dataease | Dataease | < 2.10.13 |
Related Weaknesses (CWE)
References
- https://github.com/dataease/dataease/commit/23a45e72a7abc37d5680b0a7cf691b8df378Patch
- https://github.com/dataease/dataease/security/advisories/GHSA-23qw-9qrh-9rr8ExploitVendor Advisory
FAQ
What is CVE-2025-58748?
CVE-2025-58748 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation (H2.java) does not verify that a provided JDBC URL starts wit...
How severe is CVE-2025-58748?
CVE-2025-58748 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-58748?
Check the references section above for vendor advisories and patch information. Affected products include: Dataease Dataease.