CVE-2025-56816

Published: Sep 24, 2025

Modified: Sep 24, 2025

PUBLISHED

Description

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attackers to upload arbitrary YAML files to the config/jdbc-driver-ext.yml path. The application parses this file using SnakeYAML's unsafe load() or loadAs() method without input sanitization. This allows deserialization of attacker-controlled YAML content, leading to arbitrary class instantiation. Under certain conditions, this can be exploited to achieve remote code execution (RCE).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/running-elephant/datart

https://github.com/xiaoxiaoranxxx/CVE-2025-56815

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-56816

Description

Affected Products

References