CVE-2025-70828
Received Received - Intake
Remote Code Execution via JDBC URL in Datart v1.0.0-rc

Publication date: 2026-02-17

Last updated on: 2026-04-03

Assigner: MITRE

Description
An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-17
Last Modified
2026-04-03
Generated
2026-06-16
AI Q&A
2026-02-17
EPSS Evaluated
2026-06-15
NVD
CVE-2025-70828
EUVD
EUVD-2025-207895
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
running-elephant datart 1.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-70828 is a vulnerability in Datart version 1.0.0-rc.3 related to improper input validation of the JDBC URL parameter during data source configuration.

An authenticated attacker with data source configuration privileges can inject malicious parameters into the JDBC connection string, such as `allowLoadLocalInfile=true`.

By directing the JDBC URL to connect to a rogue MySQL server controlled by the attacker, the attacker exploits the LOAD DATA LOCAL INFILE feature to cause the Datart server to send local files from its filesystem (like `/etc/passwd`, configuration files, or source code) to the attacker.

Impact Analysis

This vulnerability can lead to arbitrary file disclosure, exposing sensitive files on the Datart server to an attacker.

The exposure of sensitive information such as configuration files, source code, or system files can result in further server compromise or additional attacks.

Overall, the impact is considered high severity due to the potential for significant data leakage and system compromise.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by monitoring for suspicious POST requests to the Datart server's `/api/v1/data-provider/test` endpoint that include JDBC URLs with parameters such as `allowLoadLocalInfile=true`, `allowUrlInLocalInfile=true`, and unusually high `maxAllowedPacket` values."}, {'type': 'paragraph', 'content': 'You can look for signs of exploitation by inspecting web server logs or network traffic for these specific patterns in the JSON payload.'}, {'type': 'paragraph', 'content': 'Example commands to detect potential exploitation attempts include:'}, {'type': 'list_item', 'content': "Using grep on server logs to find suspicious JDBC URLs: `grep -i 'allowLoadLocalInfile=true' /path/to/datart/logs/*`"}, {'type': 'list_item', 'content': 'Using tcpdump or Wireshark to filter HTTP POST requests to `/api/v1/data-provider/test` endpoint and inspect payloads for JDBC URL parameters.'}, {'type': 'list_item', 'content': 'Checking for unusual MySQL connection attempts or connections to unknown MySQL servers from the Datart server.'}] [1]

Mitigation Strategies

Immediate mitigation steps include restricting or disabling the ability to configure JDBC URLs with parameters that enable `LOAD DATA LOCAL INFILE` features, such as `allowLoadLocalInfile=true`.

Ensure that only trusted users have data source configuration privileges to prevent attackers from injecting malicious JDBC URLs.

Monitor and block outgoing connections from the Datart server to untrusted or unknown MySQL servers to prevent data exfiltration.

Apply any available patches or updates from the Datart project that address this vulnerability once released.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-70828. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart