Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
&color=brightgreen)
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injection attack can be directly launched. JNDI triggers an AspectJWeaver deserialization attack, writing to various files. This vulnerability requires commons-collections 4.x and aspectjweaver-1.9.22.jar. The vulnerability has been fixed in version 2.10.12.
No PoCs from references.
- https://github.com/B1ack4sh/Blackash-CVE-2025-57773
- https://github.com/PuddinCat/GithubRepoSpider
- https://github.com/for-A1kaid/for-A1kaid
- https://github.com/nomi-sec/PoC-in-GitHub