DataEase JDBC JNDI Injection (v 2.10.14, fixed 2.10.15)
CVE-2025-64164 Published on November 6, 2025
DataEase is vulnerable to Oracle JNDI Injection
Dataease is an open source data visualization analysis tool. In versions 2.10.14 and below, DataEase did not properly filter when establishing JDBC connections to Oracle, resulting in a risk of JNDI injection (Java Naming and Directory Interface injection). This issue is fixed in version 2.10.15.
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2025-64164 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2025-64164
Want to know whenever a new CVE is published for Dataease? stack.watch will email you.
Affected Versions
dataease Version < 2.10.15 is affected by CVE-2025-64164Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.