Vulnerabilities

CVE-2025-62422

by Fred · 17/10/2025

DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tableField interface is vulnerable to SQL injection. An attacker can construct a malicious tableName parameter to execute arbitrary SQL commands. This issue is fixed in version 2.10.14. No known workarounds exist.

More information : https://github.com/dataease/dataease/commit/3c52cc26c4cca1000294346cf99a84b25d38bfb2

Similar

Tags: Cybersecurity Alert