Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable API needing only a low-privilege account (PR:L, AC:L); arbitrary file write yields high integrity and availability impact but no data disclosure, so C:N.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template saves call TemplateManageService#save, StaticResourceServer#saveFilesToServe, and the /de2api/templateManage/save endpoint with attacker-controlled staticResource names and Base64 content, allowing path traversal and arbitrary file writes because only / was used when extracting the file name. This issue is fixed in version 2.10.23.
AnalysisAI
Arbitrary file write in DataEase (open-source BI/data-visualization platform) before 2.10.23 lets an authenticated user (PR:L) abuse the /de2api/templateManage/save template-save endpoint to write attacker-controlled Base64 content to arbitrary filesystem paths. Because StaticResourceServer#saveFilesToServe extracted the filename using only a forward-slash split, crafted staticResource names containing traversal sequences or backslashes escaped the intended static-resource directory. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires an authenticated DataEase account with permission to reach the template-save flow (POST /de2api/templateManage/save invoking TemplateManageService#save → StaticResourceServer#saveFilesToServe); this maps to the CVSS PR:L requirement, so it is not exploitable by fully unauthenticated attackers. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H, score 8.5) indicates a network-reachable, low-complexity attack requiring only low-level authentication, with high integrity and availability impact and no confidentiality impact - consistent with an arbitrary-file-write primitive rather than data theft. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with a low-privilege DataEase account submits a crafted template-save request to /de2api/templateManage/save containing a staticResource name with traversal or backslash sequences and Base64-encoded malicious content. Because the server only split on '/', the file is written outside the static-resource directory - for example dropping a webshell into a servlet-served path or overwriting a configuration file - leading to code execution or integrity compromise. … |
| Remediation | Vendor-released patch: upgrade to DataEase 2.10.23, which replaces the naive filename extraction with a backslash-normalizing extractFileName() helper (commit d34f413ef047bd275909d67310d200cbc8ae31ba; release https://github.com/dataease/dataease/releases/tag/v2.10.23; advisory https://github.com/dataease/dataease/security/advisories/GHSA-83fh-fgh3-g9f9). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, audit your DataEase installation to confirm you are not running versions prior to 2.10.23 and identify all users with template management permissions. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor m
Auth bypass in DataEase via CVE-2025-49001 patch evasion. PoC available.
Auth bypass in DataEase BI tool before 2.10.10.
A remote code execution vulnerability in DataEase (CVSS 9.8). Risk factors: public PoC available.
A remote code execution vulnerability in DataEase (CVSS 9.8). Risk factors: public PoC available.
A remote code execution vulnerability in DataEase (CVSS 9.8). Risk factors: public PoC available.
DataEase data visualization tool prior to 2.10.19 uses MD5-hashed passwords without salting, allowing attackers to crack
DataEase is an open source data visualization analysis tool. Rated critical severity (CVSS 9.8), this vulnerability is r
DataEase is an open source data visualization analysis tool. Rated critical severity (CVSS 9.8), this vulnerability is r
DataEase is an open source data visualization and analysis tool. Rated critical severity (CVSS 9.8), this vulnerability
Dataease is an open source data visualization and analysis tool. Rated critical severity (CVSS 9.8), this vulnerability
Dataease is an open source data visualization analysis tool. Rated critical severity (CVSS 9.8), this vulnerability is r
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44777