CVE List

CVE-2025-64164

Dataease is an open source data visualization analysis tool. In versions 2.10.14 and below, DataEase did not properly filter when establishing JDBC connections to Oracle, resulting in a risk of JNDI injection (Java Naming and Directory Interface injection). This issue is fixed in version 2.10.15.

Published November 6, 2025.

Affected software

Get alerts for Dataease Dataease

Reference links