What is CVE-2025-53004?

CVE-2025-53004 is a vulnerability in Dataease, classified under CWE-153. Published 2025-06-30.

Is CVE-2025-53004 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Dataease

CVE-2025-53004

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg paramet…

EPSS: 0.005 (65.9th percentile) — read the EPSS interpretation.

Affected products

Dataease — versions < 2.10.11

Weakness classification (CWE)

CWE-153

Public proof-of-concept exploits

for-A1kaid/for-A1kaid
tanjiti/sec_

References

https://github.com/dataease/dataease/security/advisories/GHSA-mfg2-qr5c-99pp (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2025-53004?: CVE-2025-53004 is a vulnerability in Dataease, classified under CWE-153. Published 2025-06-30.
Is CVE-2025-53004 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.