{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T12:47:46.113","vulnerabilities":[{"cve":{"id":"CVE-2025-24974","sourceIdentifier":"security-advisories@github.com","published":"2025-03-13T17:15:36.777","lastModified":"2025-03-21T15:40:04.130","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available."},{"lang":"es","value":"DataEase es una herramienta de código abierto de inteligencia empresarial y visualización de datos. Antes de la versión 2.10.6, los usuarios autenticados podían leer y deserializar archivos arbitrarios mediante la conexión JDBC en segundo plano. La vulnerabilidad se ha corregido en la versión 2.10.6. No se conocen workarounds."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"},{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*","versionEndExcluding":"2.10.6","matchCriteriaId":"077AC13A-3B0F-4DF3-8900-4A282F4EE10F"}]}]}],"references":[{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-wmfp-mjf3-57f5","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}