CVE-2025-64428 – DataEase DB2 JNDI Vulnerability

CVE ID : CVE-2025-64428

Published : Nov. 20, 2025, 5:15 p.m. | 1 hour, 58 minutes ago

Description : Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbaname, and iiopname schemes. The vulnerability has been fixed in version 2.10.17.

Severity: 8.9 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…