CVE-2025-70829
Received Received - Intake

Information Exposure in Datart v1.0.0-rc.3 via H2 JDBC String

Vulnerability report for CVE-2025-70829, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-17

Last updated on: 2026-02-23

Assigner: MITRE

Description

An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-17
Last Modified
2026-02-23
Generated
2026-07-06
AI Q&A
2026-02-17
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
running-elephant datart 1.0.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2025-70829 is an information exposure vulnerability in Datart version 1.0.0-rc.3 that allows authenticated attackers to access sensitive internal data by exploiting the application's handling of custom H2 JDBC connection strings."}, {'type': 'paragraph', 'content': 'Attackers can create a malicious data source within the Datart dashboard by configuring a custom H2 JDBC URL pointing to the internal database file. After logging in, they navigate to the Data Source section, create and test this malicious data source, and then use SQL editor or chart tools to execute arbitrary SQL queries on the internal database.'}, {'type': 'paragraph', 'content': 'This allows attackers to retrieve sensitive information such as user credentials (including password hashes) and configuration details of other connected data sources. The password hashes can be used to forge valid JWT tokens to impersonate any user, including administrators, because the application uses a hardcoded secret key for JWT signing.'}, {'type': 'paragraph', 'content': 'Additionally, attackers can decrypt AES-encrypted configuration fields containing plaintext credentials for external databases using the same hardcoded key.'}] [1]

Impact Analysis

This vulnerability can lead to significant security breaches by exposing sensitive internal data to authenticated attackers.

  • Attackers can access user credentials, including password hashes.
  • They can forge JWT tokens to impersonate any user, including administrators, gaining unauthorized access and control.
  • Attackers can obtain configuration details and plaintext credentials for external databases connected to Datart.

Overall, this can compromise the confidentiality, integrity, and availability of the Datart system and any connected data sources.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by verifying if an authenticated user can create a custom H2 JDBC data source within the Datart dashboard that points to the internal database file.'}, {'type': 'paragraph', 'content': 'Specifically, after logging into Datart, check if it is possible to navigate to the "Data Source" section, create a new H2 data source with a JDBC URL like `jdbc:h2:file:./bin/h2/datart.demo;MODE=MySQL`, test the connection, and save it.'}, {'type': 'paragraph', 'content': 'If this is possible, the system is vulnerable because it allows execution of arbitrary SQL queries on the internal database.'}, {'type': 'paragraph', 'content': 'Commands or steps to detect exploitation include attempting to create such a data source and running SQL queries to access sensitive tables such as `user` or `source`.'}] [1]

Mitigation Strategies

Immediate mitigation steps include restricting authenticated users from creating or modifying H2 JDBC data sources that point to internal database files.

Additionally, review and remove or limit permissions that allow users to add custom data sources or execute arbitrary SQL queries within the Datart dashboard.

Consider changing the hardcoded JWT secret key and avoid using predictable or hardcoded keys for signing tokens.

If possible, update or patch Datart to a version where this vulnerability is fixed.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-70829. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart