ByteOS Network

NVD Vulnerability Details :

CVE-2025-49002

Analyzed

Source-security-advisories@github.com

Published At-03 Jun, 2025 | 21:15

Updated At-05 Jun, 2025 | 14:07

DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in v2.10.10. No known workarounds are available.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	8.2	HIGH	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 4.0

Base score: 8.2

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CPE Matches

DataEase (FIT2CLOUD Inc.)

>>dataease>>Versions before 2.10.10(exclusive)

cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-290	Secondary	security-advisories@github.com
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: CWE-290

Type: Secondary

Source: security-advisories@github.com

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://github.com/dataease/dataease/security/advisories/GHSA-999m-jv2p-5h34	security-advisories@github.com	Exploit Third Party Advisory
https://github.com/dataease/dataease/security/advisories/GHSA-h7hj-4j78-cvc7	security-advisories@github.com	Exploit Third Party Advisory
https://github.com/dataease/dataease/security/advisories/GHSA-h7hj-4j78-cvc7	134c704f-9b21-4f2e-91b3-4a467353bcc0	Exploit Third Party Advisory

Hyperlink: https://github.com/dataease/dataease/security/advisories/GHSA-999m-jv2p-5h34

Source: security-advisories@github.com

Resource:

Exploit

Third Party Advisory

Hyperlink: https://github.com/dataease/dataease/security/advisories/GHSA-h7hj-4j78-cvc7

Source: security-advisories@github.com

Resource:

Exploit

Third Party Advisory

Hyperlink: https://github.com/dataease/dataease/security/advisories/GHSA-h7hj-4j78-cvc7

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Resource:

Exploit

Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History