CVE-2025-62422
EUVD-2025-3491417.10.2025, 18:15
DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tableField interface is vulnerable to SQL injection. An attacker can construct a malicious tableName parameter to execute arbitrary SQL commands. This issue is fixed in version 2.10.14. No known workarounds exist.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| dataease | dataease | 𝑥 < 2.10.14 |
𝑥
= Vulnerable software versions