About Author
Hi, I'm Sharon, a product manager at Chaitin Tech. We build SafeLine, an open-source Web Application Firewall built for real-world threats. While SafeLine focuses on HTTP-layer protection, our emergency response center monitors and responds to RCE and authentication vulnerabilities across the stack to help developers stay safe.
DataEase, an open-source data visualization platform, has recently been found vulnerable to a series of high-risk flaws that allow unauthenticated Remote Code Execution (RCE) and authentication bypass. These vulnerabilities — now publicly disclosed — pose a serious risk to internet-facing deployments.
Vulnerability Overview
In June 2025, multiple security advisories were published disclosing the following CVEs:
- CVE-2025-48999
- CVE-2025-49002
- CVE-2025-49001
When chained together, these flaws enable attackers to bypass authentication and remotely execute arbitrary Java code on the server, potentially compromising the entire host.
Root Cause
CVE-2025-48999
Improper input validation when configuring Redshift as a data source allows authenticated users to inject malicious JDBC parameters. These are processed without adequate sanitization, leading to code execution on the server.
CVE-2025-49002
A similar flaw exists when configuring H2 databases. Attackers can exploit JDBC parameters like INIT= to trigger code execution via specially crafted connection strings.
CVE-2025-49001
A logic flaw in DataEase’s JWT authentication system causes the backend to continue processing invalid tokens instead of rejecting them. This enables attackers to forge tokens and gain unauthorized access — a stepping stone for RCE.
Impact
Risk Type | Details |
---|---|
Remote Code Execution | Arbitrary Java code execution via malicious JDBC payloads |
Authentication Bypass | Unauthorized access through forged JWT tokens |
Affected Component | DataEase backend (JDBC + JWT auth modules) |
Exploit Prerequisites | None — attacks work without valid credentials |
System Requirements | Default configurations are vulnerable |
Exploit Maturity | Public PoC/EXP available |
Severity | High |
Fix Complexity | Low — official patch released |
Affected Versions
DataEase < 2.10.10
🛠 Recommended Mitigation
Temporary Workarounds
- Use WAF/Firewall: Block malicious JDBC payload patterns.
- Restrict Outbound Access: Prevent the server from connecting to external resources via JDBC.
- Avoid Public Exposure: Do not expose DataEase to the public internet if unnecessary.
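One way to implement the "block malicious JDBC payload patterns" workaround is to allowlist connection-string parameters instead of blocklisting known-bad ones, so that INIT= and anything not yet reviewed is refused by default. This is an added example, not code from DataEase or SafeLine; the allowlist contents, function names and sample URLs are assumptions.

```python
import re

# Assumption: names an operator has reviewed and chosen to permit per driver.
# Everything else is refused, so INIT= (and any parameter not yet known to be
# dangerous) fails closed without having to be listed.
ALLOWED_PARAMS = {
    "h2": {"mode", "db_close_delay"},
    "redshift": {"ssl", "sslmode"},
}

JDBC_URL = re.compile(r"^jdbc:([a-z0-9]+):(.*)$", re.IGNORECASE | re.DOTALL)


def param_names(rest):
    """Names from ';k=v' (H2 style) and '?k=v&k=v' parameter segments."""
    match = re.search(r"[;?]", rest)
    if match is None:
        return []
    pieces = re.split(r"[;&?]", rest[match.end():])
    return [p.split("=", 1)[0].strip() for p in pieces if p.strip()]


def check_jdbc_url(url):
    """Return (allowed, rejected): rejected lists what caused the refusal."""
    match = JDBC_URL.match(url.strip())
    if match is None:
        return False, ["<not a JDBC URL>"]
    driver = match.group(1).lower()
    allowed = ALLOWED_PARAMS.get(driver)
    if allowed is None:
        return False, [f"<driver {driver} not permitted>"]
    # Compare case-insensitively: H2 treats setting names as case-insensitive.
    rejected = [n for n in param_names(match.group(2)) if n.lower() not in allowed]
    return not rejected, rejected


# Constructed sample inputs (hosts and values are placeholders).
SAMPLES = [
    "jdbc:h2:mem:reports;MODE=MySQL",
    "jdbc:h2:mem:reports;MODE=MySQL;init=PLACEHOLDER",
    "jdbc:redshift://db.example.internal:5439/dev?ssl=true&sslmode=verify-full",
    "jdbc:redshift://db.example.internal:5439/dev?ssl=true&unreviewedOption=x",
    "jdbc:other:whatever",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_jdbc_url(sample), sample)
```

Because unknown names are rejected rather than matched against a pattern, case variants or encoded spellings of a parameter name are refused as well.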
Permanent Fix
Upgrade to the latest version:
Reproduction
Screenshots demonstrate the successful remote code execution via malicious JDBC injection:
Product Detection Support
Product | Detection Status |
---|---|
Yuntu | Fingerprinting & PoC-based detection supported by default |
Dongjian | Custom PoC detection supported |
SafeLine | Custom WAF rules released to detect this attack |
Quanxi | Detection rule updates published |
Timeline
- Jun 5, 2025 – Public advisory released by Chaitin Security Emergency Response Center
References
- https://github.com/dataease/dataease/security/advisories/GHSA-6pq2-6q8x-mp2r
- https://github.com/dataease/dataease/security/advisories/GHSA-999m-jv2p-5h34
- https://github.com/dataease/dataease/security/advisories/GHSA-xx2m-gmwg-mf3r