RULE(RULE ID:339076)

Rule General Information
Release Date: 2025-06-10
Rule Name: Dataease H2 Database JDBC Remote Code Execution Vulnerability (CVE-2025-32966 CVE-2025-49002)
Severity:
CVE ID:
Rule Protection Details
Description: DataEase is an open source data visualization and analysis tool that helps users quickly analyze data and gain insight into business trends. DataEase versions prior to 2.10.8 are affected by CVE-2025-32966, a vulnerability in the backend JDBC connection handling that may lead to remote code execution. CVE-2025-49002 bypasses the patch for CVE-2025-32966 by exploiting case insensitivity. This vulnerability has been fixed in DataEase v2.10.10.
Impact: A successful exploit allows an attacker to execute arbitrary code in the context of the vulnerable software.
Affected OS: Windows, Linux, Others
Reference: https://github.com/dataease/dataease/security/advisories/GHSA-h7hj-4j78-cvc7
Solutions
Please upgrade DataEase to version v2.10.10 or above.