What is the CVSS score of CVE-2025-49002?

CVE-2025-49002 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Dataease are affected by CVE-2025-49002?

DataEase contains a critical authentication bypass vulnerability (CVSS 9.8) that allows unauthenticated attackers to circumvent security controls, potentially exposing all organizational data and…. A patch is available.

Is there a public PoC exploit available for CVE-2025-49002?

Yes, a public proof-of-concept exploit is available for CVE-2025-49002. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-49002?

Within 24 hours: Identify all DataEase instances in your environment and document current versions. Within 7 days: Apply the vendor-released patch to all DataEase deployments; verify patch installation by confirming version change and testing authentication controls. Within 30 days: Conduct a security audit of DataEase access logs to identify any unauthorized access attempts during the vulnerability window.

Dataease CVE-2025-49002

EUVD-2025-16788 CRITICAL

Authentication Bypass by Spoofing (CWE-290)

2025-06-03 security-advisories@github.com

Authentication Bypass Code Injection Dataease

9.8

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 05:55 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

2.10.10

EUVD ID Assigned

Mar 14, 2026 - 17:04 euvd

EUVD-2025-16788

Analysis Generated

Mar 14, 2026 - 17:04 vuln.today

PoC Detected

Jun 05, 2025 - 14:07 vuln.today

Public exploit code

CVE Published

Jun 03, 2025 - 21:15 nvd

CRITICAL 9.8

DescriptionGitHub Advisory

DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in v2.10.10. No known workarounds are available.

AnalysisAI

Auth bypass in DataEase via CVE-2025-49001 patch evasion. PoC available.

Technical ContextAI

CWE-290.

RemediationAI

Update.

CVE-2025-49002 vulnerability details – vuln.today

Back

Dataease CVE-2025-49002

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code