CVE-2025-58046

CRITICAL LAB

Dataease <= 2.10.12 - Remote Code Execution via Impala JDBC Connection String JNDI Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-58046. PoCs published by exploitintel.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2025-58046, demonstrating JNDI injection in DataEase via Impala JDBC connection strings, leading to remote code execution. The PoC includes detailed analysis, lab setup, and multiple exploit vectors.

Description

Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasource.type.Impala class. Attackers can construct malicious JDBC connection strings that exploit JNDI injection and trigger RMI deserialization, ultimately enabling remote command execution. The vulnerability can be exploited by editing the data source and providing a crafted JDBC connection string that references a remote configuration file, leading to RMI-based deserialization attacks. This issue has been patched in version 2.10.13. It is recommended to upgrade to the latest version. No known workarounds exist for affected versions.

Exploits (1)

github WORKING POC 1 stars

by exploitintel · pythonpoc

https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2025-58046

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2025-58046, demonstrating JNDI injection in DataEase via Impala JDBC connection strings, leading to remote code execution. The PoC includes detailed analysis, lab setup, and multiple exploit vectors.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: DataEase ≤ 2.10.12

Auth required

Prerequisites: authenticated access (default credentials: admin/DataEase@123456) · network access to target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 02, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Vendor Advisory x_refsource_confirm

https://github.com/dataease/dataease/security/advisories/GHSA-mvwc-x8x9-46c3

Patch x_refsource_misc

https://github.com/dataease/dataease/commit/8d04e92d44e1bac9284e9e64df5afd7f96d9373c

View Patch ZIP pw:eip

Related Analysis

72-Hour Stress Test

Scores

CVSS v3 9.8

EPSS 0.0130

EPSS Percentile 66.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Lab Environment

EIP LAB

mysql docker pull ghcr.io/exploitintel/cve-2025-58046-mysql:latest

patched docker pull ghcr.io/exploitintel/cve-2025-58046-patched:latest

vulnerable docker pull ghcr.io/exploitintel/cve-2025-58046-vulnerable:latest

View in Library GitHub

Details

CWE

CWE-502 CWE-74

Status published

Products (1)

dataease/dataease < 2.10.13

Published Sep 15, 2025

Tracked Since Feb 18, 2026