CVE-2025-57773 – DataEase JNDI Injection Vulnerability

August 25, 2025

CVE ID : CVE-2025-57773

Published : Aug. 25, 2025, 5:15 p.m. | 7 hours, 55 minutes ago

Description : DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injection attack can be directly launched. JNDI triggers an AspectJWeaver deserialization attack, writing to various files. This vulnerability requires commons-collections 4.x and aspectjweaver-1.9.22.jar. The vulnerability has been fixed in version 2.10.12.

Severity: 8.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-57802 – Airlink Docker Bind Mount Symlink Privilege Escalation Vulnerability

Next Article CVE-2025-57772 – DataEase H2 JDBC RCE Bypass

Microsoft donates DocumentDB to the Linux Foundation

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

ChatGPT is reportedly scraping Google Search data to answer your questions – here’s how

The 10 best early Labor Day deals live now: Save on Apple, Samsung and more

5 rumored Apple iPhone Fold features that have me excited (and frustrated at the same time)

Forget plug-and-play AI: Here’s what successful AI projects do differently

Log Outgoing HTTP Requests with the Laravel Spy Package

Log Outgoing HTTP Requests with the Laravel Spy Package

devdojo/auth

Rust Slices: Cutting Into References the Safe Way

Best AI Girlfriend Simulator [2025 Working Apps and Websites]

Best AI Girlfriend Simulator [2025 Working Apps and Websites]

8 Best Paid and Free AI Sexting Chat Apps in 2025

Best AI Anime Art Generator: 7 Best to Use [Free & Premium]

CVE-2025-57773 – DataEase JNDI Injection Vulnerability

Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing

Buffalo Police Detective Indicted for Attempted Purchases on Genesis Market

Double Fine announced its new game, and I’m so ready to play as a sentient lighthouse

Bookmark – terminal-based bookmark manager

Microsoft expands its Sovereign Cloud as Europe demands greater data control

CVE-2025-31250 – Apple macOS Sequoia Information Disclosure Vulnerability

CVE-2025-2068 – FileZ Open Redirect Information Disclosure

CVE-2025-52794 – Creative-Solutions Creative Contact Form CSRF Stored XSS

Thanks to Sabrina Carpenter, for the first time in my life — I want to play Fortnite

On Dyson, techno-centric design and social consumption

CVE-2025-57773 – DataEase JNDI Injection Vulnerability

Related Posts