CVE-2025-13268 MEDIUM

CVE-2025-13268: Dromara dataCompare JDBC URL DbconfigServiceImpl.java DbConfig injection

Vendor Dromara

Product dataCompare

Weakness CWE-74

Published November 17, 2025

Last update November 17, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A flaw has been found in Dromara dataCompare up to 1.0.1. The affected element is the function DbConfig of the file src/main/java/com/vince/xq/project/system/dbconfig/service/DbconfigServiceImpl.java of the component JDBC URL Handler. Executing manipulation can lead to injection. The attack can be launched remotely. The exploit has been published and may be used.

Key dates

Disclosure timeline

November 17, 2025 CVE published

November 17, 2025 Record updated

Identifiers

CVE CVE-2025-13268

CWE CWE-74

CVSS 5.3 / MEDIUM

Affected versions

Vendor Dromara

Product dataCompare

Affected 1.0.0

Vendor Dromara

Product dataCompare

Affected 1.0.1