CVE-2025-53004

HIGH EPSS 40.4%

Published Jun 30, 202512mo ago · Modified Jun 17, 20261w ago

8.9 CVSS 4.0

High

Published Jun 30, 2025 12mo ago

Last Modified Jun 17, 2026 1w ago

Description

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has been patched in version 2.10.11.

CVSS Details

Base Score

8.9

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

40.4% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 1

CWE-153

Affected Products 1

Vendor	Product	Version	Range
dataease	dataease	*	<2.10.11

References 1

github.com https://github.com/dataease/dataease/security/advisories/GHSA-mfg2-qr5c-99pp

ExploitVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.