CVE-2025-48999 | DataEase up to 2.10.9 Incomplete Fix CVE-2025-46566 getUrlType Hostname communication channel to intended endpoints

Inserito da Angelo Barbosa | Giu 3, 2025 | CVE

A vulnerability, which was classified as problematic, was found in DataEase up to 2.10.9. This affects the function getUrlType of the component Incomplete Fix CVE-2025-46566. The manipulation of the argument Hostname leads to improper restriction of communication channel to intended endpoints.

This vulnerability is uniquely identified as CVE-2025-48999. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-48999 | DataEase up to 2.10.9 Incomplete Fix CVE-2025-46566 getUrlType Hostname communication channel to intended endpoints

Post correlati

CVE-2024-50608 | Fluent Bit 3.1.9 prom_rw_prot.c process_payload_metrics_ng null pointer dereference

CVE-2024-43444 | OTRS/OTRS Community Edition Admin Log Module log file

CVE-2025-0588 | Octopus Deploy Octopus Server denial of service

CVE-2024-2845 | wpdevteam BetterDocs Plugin up to 3.4.2 on WordPress Shortcode cross site scripting