ГлавнаяУязвимости → CVE-2025-49003
9.8критическая

CVE-2025-49003

Описание

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in Java in which the character "ı" becomes "I" when converted to uppercase, and the character "ſ" becomes "S" when converted to uppercase. A threat actor who uses a carefully crafted message that exploits this character conversion can cause remote code execution. The vulnerability has been fixed in v2.10.11. No known workarounds are available.

Затрагиваемое ПО
Dataease Dataease
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/dataease/dataease/security/advisories/GHSA-x97w-69ff-r55qhttps://github.com/dataease/dataease/security/advisories/GHSA-x97w-69ff-r55q