¡¾Îó²îͨ¸æ¡¿DataEase Redshift JDBC RCE (CVE-2025-58748)

Ðû²¼Ê±¼ä 2025-09-16

Ò»¡¢Îó²î¸ÅÊö


Îó²îÃû³Æ

DataEase Redshift JDBC RCE

CVE   ID

CVE-2025-58748

Îó²îÀàÐÍ

RCE

·¢Ã÷ʱ¼ä

2025-09-16

Îó²îÆÀ·Ö

8.7

Îó²îÆ·¼¶

¸ßΣ

¹¥»÷ÏòÁ¿

ÍøÂç

ËùÐèȨÏÞ

µÍ

ʹÓÃÄѶÈ

µÍ

Óû§½»»¥

²»ÐèÒª

PoC/EXP

δ¹ûÕæ

ÔÚҰʹÓÃ

δ·¢Ã÷


DataEaseÊÇÒ»¿î¿ªÔ´µÄÊý¾Ý¿ÉÊÓ»¯ÓëÆÊÎöƽ̨£¬Ö§³Ö¶àÖÖÊý¾ÝÔ´½ÓÈ룬Ìṩ±¨±í¡¢¿´°å¡¢¿ÉÊÓ»¯´óÆÁµÈ¹¦Ð§£¬×ÊÖúÓû§ÊµÏÖÊý¾ÝÅÌÎÊ¡¢ÆÊÎöÓëչʾ¡£ËüÖ§³ÖJDBC¡¢APIµÈ¶àÖÖÊý¾ÝÅþÁ¬·½·¨£¬ÊÊÓÃÓÚBI±¨±í¡¢Êý¾ÝÆÊÎö¼°¿ÉÊÓ»¯³¡¾°¡£


2025Äê9ÔÂ16ÈÕ£¬×ðÁú¿­Ê±¼¯ÍÅVSRC¼à²âµ½DataEase±£´æRedshift JDBCÈƹýµ¼ÖÂÔ¶³Ì´úÂëÖ´ÐеÄÎó²î£¬ÓÉÓÚδ¶ÔH2 JDBCǰ׺×öÑÏ¿áУÑ飬ϵͳ»á½ÓÊÜʹÓÃcom.amazon.redshift.jdbc42.DriverµÄÅþÁ¬´®£¬¹¥»÷Õß¿Éͨ¹ýÔÚsocketFactory/socketFactoryArgÖÐÖ¸Ïò¶ñÒâSpring XMLÔØÈëÀà·¾¶/ÎļþϵͳÉÏÏÂÎIJ¢´¥·¢RCE¡£Îó²îÆÀ·Ö8.7£¬Îó²î¼¶±ð¸ßΣ¡£


¶þ¡¢Ó°Ïì¹æÄ£


DataEase ¡Ü 2.10.12


Èý¡¢Çå¾²²½·¥


3.1 Éý¼¶°æ±¾


ÒÑÐû²¼ÐÞ¸´°æ±¾£¬Ç뽫DataEaseÉý¼¶µ½2.10.13°æ±¾¡£


ÏÂÔØÁ´½Ó£ºhttps://github.com/dataease/dataease/releases/


3.2 ÔÝʱ²½·¥


ÔÝÎÞ¡£


3.3 ͨÓý¨Òé


? °´ÆÚ¸üÐÂϵͳ²¹¶¡£¬ïÔ̭ϵͳÎó²î£¬ÌáÉý·þÎñÆ÷µÄÇå¾²ÐÔ¡£
ÔöǿϵͳºÍÍøÂçµÄ»á¼û¿ØÖÆ£¬Ð޸ķÀ»ðǽսÂÔ£¬¹Ø±Õ·ÇÐëÒªµÄÓ¦Óö˿ڻò·þÎñ£¬ïÔÌ­½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Ì»Â¶µ½¹«Íø£¬ïÔÌ­¹¥»÷Ãæ¡£
ʹÓÃÆóÒµ¼¶Çå¾²²úÆ·£¬ÌáÉýÆóÒµµÄÍøÂçÇå¾²ÐÔÄÜ¡£
ÔöǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬ÆôÓöàÒòËØÈÏÖ¤»úÖƺÍ×îСȨÏÞÔ­Ôò£¬Óû§ºÍÈí¼þȨÏÞÓ¦¼á³ÖÔÚ×îµÍÏ޶ȡ£
ÆôÓÃÇ¿ÃÜÂëÕ½ÂÔ²¢ÉèÖÃΪ°´ÆÚÐ޸ġ£


3.4 ²Î¿¼Á´½Ó


https://github.com/dataease/dataease/security/advisories/GHSA-23qw-9qrh-9rr8/
https://www.tenable.com/cve/CVE-2025-58748/