CVE-2025-48998 – DataEase Arbitrary File Deserialization

CVE ID : CVE-2025-48998

Published : June 3, 2025, 7:15 p.m. | 1 hour, 14 minutes ago

Description : DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. No known workarounds are available.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…