CVE-2025-70830

CRITICAL

Datart 1.0.0-rc.3 - Authenticated Remote Code Execution via Freemarker Template Injection in SQL Script Field

Title source: LLM

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-70830. PoCs published by xiaoxiaoranxxx.

AI-analyzed exploit summary: This repository provides a functional exploit for CVE-2025-70830, demonstrating a Server-Side Template Injection (SSTI) vulnerability in Datart v1.0.0-rc.3. The exploit leverages Freemarker template syntax to achieve Remote Code Execution (RCE) via crafted payloads in SQL script fields.

Description

A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code by injecting crafted Freemarker template syntax into the SQL script field.

Exploits (1)

nomisec: working PoC, 1 star
by xiaoxiaoranxxx · PoC
https://github.com/xiaoxiaoranxxx/CVE-2025-70830


Classification: working PoC (95%)
Attack type: RCE
Complexity: moderate
Reliability: reliable
Target: Datart v1.0.0-rc.3
Auth required: yes
Prerequisites: valid authentication token; access to the SQL script/query editor in Datart
Analyzed by devstral-2 on Feb 18, 2026

Scores

CVSS v3: 9.9
EPSS: 0.0100
EPSS percentile: 58.2%
Attack vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: PoC
Automatable: no
Technical impact: total

Details

CWE: CWE-94
Status: published
Published: Feb 17, 2026
Tracked since: Feb 18, 2026