CVE-2025-56819
published 2025-09-24CVE-2025-56819: An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter.
PriorityP270critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
3.01%
85.7th percentile
An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| running-elephant | datart | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Use FOFA/Shodan/Hunter queries to identify exposed Datart instances as potential targets: title="Datart". ↗
- →The exploit flow requires authentication first (POST /api/v1/users/login) to obtain a bearer token, then uses that token to call the vulnerable /api/v1/data-provider/test endpoint. Correlate both requests from the same source IP. ↗
- →Look for the Authorization header extracted from login being reused in the data-provider/test request — a rapid login followed by data-provider/test POST is a strong behavioral indicator of exploitation. ↗
- →Out-of-band DNS/HTTP callbacks (OAST) are used to confirm exploitation; monitor for unexpected outbound DNS or HTTP requests from the Datart server process following a data-provider/test API call. ↗
- ·Exploitation requires valid credentials to authenticate first; the vulnerability is not fully pre-auth — an attacker must obtain or brute-force a valid Datart account before reaching the vulnerable endpoint. ↗
- ·The NVD entry scores this as CVSS 9.8 (AV:N/AC:L/PR:N/UI:N), but the Nuclei template requires authentication (PR:L at minimum), suggesting the NVD score may not fully reflect the authentication prerequisite. ↗
- ·The vulnerable version is specifically Datart v1.0.0-rc.3; the CPE is cpe:2.3:a:running-elephant:datart:1.0.0:rc3:*:*:*:*:*:*. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Datart v1.0.0-rc.3 - Remote Code Execution
nuclei·CVSS 9.8
CVE-2025-56819 [CRITICAL] Datart v1.0.0-rc.3 - Remote Code Execution
Datart v1.0.0-rc.3 - Remote Code Execution
Datart v1.0.0-rc.3 contains a vulnerability that allows remote attackers to execute arbitrary code via INIT connection parameters.
Template:
id: CVE-2025-56819
info:
name: Datart v1.0.0-rc.3 - Remote Code Execution
author: Redmomn
severity: critical
description: |
Datart v1.0.0-rc.3 contains a vulnerability that allows remote attackers to execute arbitrary code via INIT connection parameters.
reference:
- https://github.com/advisories/GHSA-623q-jr4p-f87c
- https://github.com/xyyzxc/CVE-2025-56819
- https://nvd.nist.gov/vuln/detail/CVE-2025-56819
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2025-56819
epss-score: 0.09591
epss-percentile: 0.92879
cwe-id: CWE-78
cpe: cpe:2.3:a:running-elep
No writeups or analysis indexed.
2025-09-24
Published