CVE-2025-53005
BaseFortify
Publication date: 2025-07-01
Last updated on: 2025-07-16
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dataease | dataease | to 2.10.11 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-153 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as substitution characters when they are sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in DataEase versions up to 2.10.10 involves the PostgreSQL Data Source JDBC connection parameters 'sslfactory' and 'sslfactoryarg'. An attacker can exploit these parameters by crafting a malicious JDBC URL that bypasses security controls, potentially allowing remote code execution or command injection. For example, by entering a specially crafted string into the Hostname/IP Address field, the attacker can trigger a netcat listener on a remote server, demonstrating the exploit. This issue was fixed in version 2.10.11. [1]
How can this vulnerability impact me? :
This vulnerability can allow an attacker to bypass security controls in DataEase and execute arbitrary commands or code remotely. This could lead to unauthorized access, data compromise, or control over the affected system running DataEase, posing significant security risks. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious JDBC connection strings that include the parameters 'sslfactory' and 'sslfactoryarg' in Dataease PostgreSQL Data Source connections. Specifically, look for connection strings similar to: jdbc:postgresql://<host>:<port>/<db>?sslfactory=<value>&sslfactoryarg=<value>. Additionally, detection can involve checking for unusual network activity such as connections to unexpected external URLs or netcat (nc) listeners triggered by specific payloads (e.g., uppercase 'S'). Commands to help detect this might include network traffic inspection tools like tcpdump or Wireshark to filter for PostgreSQL traffic containing these parameters, or searching application logs for JDBC URLs containing 'sslfactory' and 'sslfactoryarg'. Example command to search logs: grep -i 'sslfactory' /path/to/dataease/logs/* [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate and recommended step to mitigate this vulnerability is to upgrade Dataease to version 2.10.11 or later, where the issue has been patched. No alternative workarounds are provided beyond upgrading. [1]