Critical RCE Vulnerabilities Found in DataEase (CVE-2025-49001/49002)


Jun 6, 2025 - 04:50

About Author

Hi, I'm Sharon, a product manager at Chaitin Tech. We build SafeLine, an open-source Web Application Firewall built for real-world threats. While SafeLine focuses on HTTP-layer protection, our emergency response center monitors and responds to RCE and authentication vulnerabilities across the stack to help developers stay safe.

DataEase, an open-source data visualization platform, has recently been found vulnerable to a series of high-risk flaws that allow unauthenticated Remote Code Execution (RCE) and authentication bypass. These vulnerabilities — now publicly disclosed — pose a serious risk to internet-facing deployments.

Vulnerability Overview

In June 2025, multiple security advisories were published disclosing the following CVEs:

  • CVE-2025-48999
  • CVE-2025-49002
  • CVE-2025-49001

When chained together, these flaws enable attackers to bypass authentication and remotely execute arbitrary Java code on the server, potentially compromising the entire host.

Root Cause

CVE-2025-48999

Improper input validation when configuring Redshift as a data source allows authenticated users to inject malicious JDBC parameters. These are processed without adequate sanitization, leading to code execution on the server.

CVE-2025-49002

A similar flaw exists when configuring H2 databases. Attackers can exploit JDBC parameters like INIT= to trigger code execution via specially crafted connection strings.
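One way to screen H2 connection strings before they reach the driver, shown as an added example (not DataEase's code and not the official patch). It accepts only settings on an allowlist, so INIT= and any other unlisted parameter is refused. The function names, the allowlist contents and the sample URLs are assumptions made for illustration.

```python
# Added example: allowlist validation of user-supplied H2 JDBC URLs.
# ALLOWED_H2_SETTINGS is an assumption about what a deployment needs.
ALLOWED_H2_SETTINGS = {"MODE", "DB_CLOSE_DELAY", "IFEXISTS"}
PREFIX = "jdbc:h2:"


def check_h2_url(url: str) -> list[str]:
    """Return the reasons to reject url; an empty list means it is accepted."""
    if not url.lower().startswith(PREFIX):
        return ["not an H2 JDBC URL"]
    problems = []
    # Escapes, whitespace and control characters can make this split disagree
    # with the driver's own parser, so refuse them outright.
    if "\\" in url or any(c.isspace() or ord(c) < 0x20 for c in url):
        problems.append("backslash, whitespace or control character in URL")
    _location, *settings = url[len(PREFIX):].split(";")
    for setting in settings:
        if not setting:
            continue  # tolerate a trailing ';'
        name, sep, _value = setting.partition("=")
        key = name.strip().upper()  # H2 setting names are case-insensitive
        if not sep:
            problems.append(f"malformed setting {setting!r}")
        elif key not in ALLOWED_H2_SETTINGS:
            problems.append(f"setting {key} is not on the allowlist")
    return problems


def audit(urls: list[str]) -> dict[str, list[str]]:
    """Map each rejected URL to its reasons; accepted URLs are omitted."""
    return {u: p for u in urls if (p := check_h2_url(u))}


# Constructed sample input, not taken from any real deployment.
SAMPLE_URLS = [
    "jdbc:h2:mem:demo;MODE=MySQL;DB_CLOSE_DELAY=-1",
    "jdbc:h2:mem:demo;MODE=MySQL;init=PLACEHOLDER",
    "jdbc:h2:mem:demo; INIT =PLACEHOLDER",
    "jdbc:postgresql://db.example.internal/app",
]

if __name__ == "__main__":
    for url, reasons in audit(SAMPLE_URLS).items():
        print(f"REJECT {url}: {'; '.join(reasons)}")
```

An allowlist is used rather than a blocklist of known-bad names because it keeps working when a driver gains a new setting or parses a name more loosely than expected.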

CVE-2025-49001

A logic flaw in DataEase’s JWT authentication system causes the backend to continue processing invalid tokens instead of rejecting them. This enables attackers to forge tokens and gain unauthorized access — a stepping stone for RCE.

Impact

| Risk Type | Details |
|---|---|
| Remote Code Execution | Arbitrary Java code execution via malicious JDBC payloads |
| Authentication Bypass | Unauthorized access through forged JWT tokens |
| Affected Component | DataEase backend (JDBC + JWT auth modules) |
| Exploit Prerequisites | None — attacks work without valid credentials |
| System Requirements | Default configurations are vulnerable |
| Exploit Maturity | Public PoC/EXP available |
| Severity | High |
| Fix Complexity | Low — official patch released |

Affected Versions

DataEase < 2.10.10