CVE-2025-58045
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-09-19
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dataease | dataease | to 2.10.13 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58045 is a Server-Side Request Forgery (SSRF) vulnerability in Dataease versions up to 2.10.12. It occurs because a patch intended to prevent remote code execution via DB2 JDBC deserialization attacks only blacklisted the 'rmi' parameter but failed to filter the 'ldap' parameter in the DB2 JDBC connection string. Attackers can exploit this by setting the JDBC connection string to include an attacker-controlled LDAP URL, causing the server to make unauthorized requests to attacker-controlled servers. While newer Java versions disable LDAP deserialization to prevent remote code execution, the SSRF vulnerability remains exploitable. The issue is fixed in version 2.10.13 by expanding the blacklist of illegal parameters to block such attacks. [1, 2]
How can this vulnerability impact me?
This vulnerability allows an attacker to perform Server-Side Request Forgery (SSRF) attacks by exploiting the 'ldap' parameter in the DB2 JDBC connection string. This means an attacker can make the vulnerable server initiate unauthorized network requests to internal or external systems controlled by the attacker. Such SSRF attacks can lead to information disclosure, unauthorized access to internal services, or further exploitation depending on the network environment. Although remote code execution is prevented in newer Java versions, the SSRF risk remains until the software is updated. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for JDBC connection strings in Dataease configurations that include the ldap parameter in DB2 datasource connection strings. Specifically, look for JDBC URLs containing ldap:// in the clientRerouteServerListJNDIName or similar parameters. For example, you can search configuration files or logs for patterns like 'jdbc:db2://...:clientRerouteServerListJNDIName=ldap://'. Additionally, network monitoring can detect outbound LDAP connections initiated by the Dataease server to unexpected external LDAP servers, which may indicate exploitation attempts. Commands to detect this could include grepping configuration files for ldap parameters, e.g., `grep -r 'ldap://' /path/to/dataease/configs` or monitoring network connections with tools like `netstat -anp | grep :389` or using packet capture tools to detect LDAP traffic to suspicious IPs. [1]
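The configuration scan described above, written out as an added example (not code from the advisory, BaseFortify or the DataEase project): it parses DB2 JDBC URLs found in config or log lines and flags any property whose value is a JNDI provider URL. The `rmi` and `ldap` schemes come from the advisory; `ldaps`, the property names other than `clientRerouteServerListJNDIName`, and all hostnames in the sample lines are assumptions.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Schemes that turn a DB2 JDBC property into an outbound-request sink.
# 'rmi' and 'ldap' are named in the advisory; 'ldaps' is an assumption added here.
JNDI_SCHEMES = ("ldap", "ldaps", "rmi")

# A DB2 JDBC URL runs until whitespace or a quote character.
DB2_URL_RE = re.compile(r"jdbc:db2://[^\s'\"]+", re.IGNORECASE)

@dataclass
class Finding:
    url: str
    prop: str
    value: str

def parse_db2_properties(url: str) -> dict[str, str]:
    """Return the property map of jdbc:db2://host:port/db:key=value;key=value;
    Properties begin after the first ':' that follows the database name."""
    body = url[len("jdbc:db2://"):]
    slash = body.find("/")
    if slash < 0:
        return {}
    colon = body.find(":", slash + 1)
    if colon < 0:
        return {}
    props: dict[str, str] = {}
    for item in body[colon + 1:].split(";"):
        if "=" in item:
            key, value = item.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def scheme_of(value: str) -> str | None:
    """Lower-cased URL scheme of a property value, or None if it is not a URL."""
    m = re.match(r"\s*([a-z][a-z0-9+.-]*)://", value, re.IGNORECASE)
    return m.group(1).lower() if m else None

def scan_lines(lines: list[str]) -> list[Finding]:
    """Flag every DB2 JDBC property whose value uses a JNDI scheme, whatever its case."""
    findings = []
    for line in lines:
        for url in DB2_URL_RE.findall(line):
            for prop, value in parse_db2_properties(url).items():
                if scheme_of(value) in JNDI_SCHEMES:
                    findings.append(Finding(url, prop, value))
    return findings

# Constructed sample lines: one benign datasource, one with the ldap parameter the
# advisory describes, one with an upper-cased rmi URL that a naive grep would miss.
SAMPLE_LINES = [
    "datasource.url=jdbc:db2://db.internal:50000/SALES:sslConnection=true;",
    "datasource.url=jdbc:db2://db.internal:50000/SALES:clientRerouteServerListJNDIName=ldap://jndi.example.invalid:389/x;",
    "jdbc:db2://10.0.0.5:50000/HR:clientRerouteServerListJNDIName=RMI://jndi.example.invalid:1099/y;",
]

if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LINES):
        print(f"{f.prop}={f.value}  <-  {f.url}")
```

Run it over `grep -rh 'jdbc:db2' /path/to/dataease/configs` output instead of `SAMPLE_LINES` to check a real deployment; a hit on any scheme in `JNDI_SCHEMES` is a datasource that should be removed or corrected before and after upgrading to 2.10.13.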
What immediate steps should I take to mitigate this vulnerability?
The immediate and recommended mitigation step is to upgrade Dataease to version 2.10.13 or later, where the vulnerability is fixed by blocking dangerous parameters including ldap in the DB2 JDBC connection string. No other workarounds are documented. Ensuring that your Java environment is updated to a version that disables LDAP deserialization by default can help prevent remote code execution, but SSRF remains exploitable without the Dataease patch. Therefore, upgrading Dataease is critical. [1, 2]