CVE-2025-48999 | DataEase up to 2.10.9 Incomplete Fix CVE-2025-46566 getUrlType Hostname communication channel to intended endpoints

Inserito da Angelo Barbosa | Giu 3, 2025 | CVE

A vulnerability, which was classified as problematic, was found in DataEase up to 2.10.9. This affects the function getUrlType of the component Incomplete Fix CVE-2025-46566. The manipulation of the argument Hostname leads to improper restriction of communication channel to intended endpoints.

This vulnerability is uniquely identified as CVE-2025-48999. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-48999 | DataEase up to 2.10.9 Incomplete Fix CVE-2025-46566 getUrlType Hostname communication channel to intended endpoints

Post correlati

CVE-2023-34873 | Mobotix Mx6 v26 tcpdump expression/command delimiters (icsa-24-235-03)

CVE-2024-2074 | Mini-Tmall up to 20231017 ?r=tmall/admin/user/1/1 orderBy sql injection

CVE-2023-2976 | Oracle Utilities Network Management System up to 2.6.0.1 User Interface unknown vulnerability

CVE-2025-1066 | OpenPLC V3 unrestricted upload