CVE-2025-58046
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-09-19
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dataease | dataease | to 2.10.13 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58046 is a critical remote code execution vulnerability in the Impala datasource component of Dataease (versions up to 2.10.12). It occurs because the getJdbc method in the io.dataease.datasource.type.Impala class does not properly filter JDBC connection string parameters. Attackers can craft malicious JDBC URLs that exploit JNDI injection and trigger RMI deserialization, allowing them to execute arbitrary commands remotely on the affected system. [1]
How can this vulnerability impact me? :
This vulnerability can allow an attacker to execute arbitrary code remotely on your system by providing a specially crafted JDBC connection string. This can lead to full system compromise, unauthorized access, data theft, or disruption of services running on the affected Dataease platform. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can focus on identifying malicious JDBC connection strings that include suspicious parameters such as 'autoDeserialize', 'queryInterceptors', 'statementInterceptors', or 'detectCustomCollations' in the Impala datasource configuration. Network monitoring can look for outbound RMI connections, especially to unusual or unknown remote servers on port 8899 or other RMI-related ports. Commands to detect suspicious JDBC URLs in configuration files or logs might include grep or similar text search tools, for example: 1) grep -r 'jdbc:' /path/to/dataease/config 2) grep -E 'autoDeserialize|queryInterceptors|statementInterceptors|detectCustomCollations' /path/to/dataease/config 3) netstat -anp | grep ':8899' to check for active RMI connections or listeners. Additionally, monitoring Java process network activity for unexpected RMI connections can help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Dataease to version 2.10.13 or later, where the vulnerability has been patched. Since no known workarounds exist for affected versions, upgrading is critical. Additionally, restrict network access to prevent outbound RMI connections from the Dataease server to untrusted hosts, and monitor for suspicious JDBC connection strings in datasource configurations to prevent exploitation. [1]