Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-53006


DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" with similar functionality. The difference lies in that "sslfactory" and related parameters need to be triggered after establishing the connection. Other similar parameters include "sslhostnameverifier", "sslpasswordcallback", and "authenticationPluginClassName". This issue has been patched in 2.10.11.


Published

2025-07-02T15:15:27.343

Last Modified

2025-07-10T15:16:32.103

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses
  • Type: Primary
    CWE-153

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application dataease dataease < 2.10.11 Yes

References