CVE-2025-53006
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreS
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" with similar functionality. The difference lies in that "sslfactory" and related parameters need to be triggered after establishing the connection.
Other similar parameters include "sslhostnameverifier", "sslpasswordcallback", and "authenticationPluginClassName". This issue has been patched in 2.10.11.
CRITICAL · CVSS 9.8
EPSS 0.00314
Act now
- Public exploit or PoC is available
- SSVC automatable: yes - attacks can be scripted at scale
- CVSS base score ≥ 7.0
Sigma rules0
YARA rules0