A vulnerability, which was classified as problematic, was found in DataEase up to 2.10.9. This affects the function
getUrlType
of the component Incomplete Fix CVE-2025-46566. The manipulation of the argument Hostname leads to improper restriction of communication channel to intended endpoints.
This vulnerability is uniquely identified as CVE-2025-48999. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.