Description

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attackers to upload arbitrary YAML files to the config/jdbc-driver-ext.yml path. The application parses this file using SnakeYAML's unsafe load() or loadAs() method without input sanitization. This allows deserialization of attacker-controlled YAML content, leading to arbitrary class instantiation. Under certain conditions, this can be exploited to achieve remote code execution (RCE).

INFO

Published Date :

2025-09-24T00:00:00.000Z

Last Modified :

2025-09-24T17:18:26.606Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-56816 vulnerability.

Vendors Products
Datart
  • Datart
Running-elephant
  • Datart
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-56816.

URL Resource
https://github.com/running-elephant/datart cve-icon cve-icon
https://github.com/xiaoxiaoranxxx/CVE-2025-56815 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact