QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-62422

Back to search

CVE-2025-62422

Published: Oct 17, 2025

Modified: Oct 17, 2025

PUBLISHED

Description

DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tableField interface is vulnerable to SQL injection. An attacker can construct a malicious tableName parameter to execute arbitrary SQL commands. This issue is fixed in version 2.10.14. No known workarounds exist.

VendorProductVersions

dataease

dataease

affected
< 2.10.14

Weaknesses (CWE)

CWE-89

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now