xiaoxiaoranxxx/CVE-2025-70830

xiaoxiaoranxxx/CVE-2025-70830

Releases0

Stars5

A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-70830 ↗	Feb 17, 2026Tuesday, 17 February 2026, 16:20	9.9 CRITICAL	—
A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field.