CVE-2025-56819
published 2025-09-24

CVE-2025-56819: An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter.

Priority: P270
Severity: critical, CVSS 3.1 base score 9.8
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: EPSS 3.01% (85.7th percentile)

Affected (1 range)

Vendor            Product   Version range   Fixed in
running-elephant  datart    -               -

Detection & IOCs (extracted from sources)

URL: /api/v1/users/login
URL: /api/v1/data-provider/test
  • Use FOFA/Shodan/Hunter queries to identify exposed Datart instances as potential targets: title="Datart".
  • The exploit flow requires authentication first (POST /api/v1/users/login) to obtain a bearer token, then uses that token to call the vulnerable /api/v1/data-provider/test endpoint. Correlate both requests from the same source IP.
  • Look for the Authorization header obtained from the login response being reused in the data-provider/test request: a login followed within seconds by a POST to data-provider/test is a strong behavioral indicator of exploitation.
  • Out-of-band DNS/HTTP callbacks (OAST) are used to confirm exploitation; monitor for unexpected outbound DNS or HTTP requests from the Datart server process following a data-provider/test API call.
  • Exploitation requires valid credentials to authenticate first; the vulnerability is not fully pre-auth. An attacker must obtain or brute-force a valid Datart account before reaching the vulnerable endpoint, so failed-login bursts against /api/v1/users/login are a relevant precursor signal.
  • The NVD entry scores this as CVSS 9.8 (AV:N/AC:L/PR:N/UI:N), but the Nuclei template requires authentication (PR:L at minimum), suggesting the NVD score may not fully reflect the authentication prerequisite.
  • The vulnerable version is specifically Datart v1.0.0-rc.3; the CPE is cpe:2.3:a:running-elephant:datart:1.0.0:rc3:*:*:*:*:*:*.
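The correlation described in the bullets above (a successful POST to /api/v1/users/login followed shortly by a POST to /api/v1/data-provider/test from the same source, with the same token reused, plus a count of failed logins as the brute-force precursor) can be turned into a small detection pass over gateway logs. The following is an added example, not code from this page or from the Datart project; the JSON log shape, the field names (ts, src_ip, method, path, status, token_id) and the sample events are constructed assumptions about what a reverse proxy in front of Datart might emit, and the 60-second window is a tunable threshold, not a value from the advisory.

```python
import json
from datetime import datetime, timedelta

LOGIN_PATH = "/api/v1/users/login"          # from the advisory
TEST_PATH = "/api/v1/data-provider/test"    # vulnerable endpoint from the advisory

# Constructed sample log (one JSON event per line). token_id stands for an opaque
# identifier of the bearer token (e.g. a hash kept by the gateway), never the token itself.
SAMPLE_LOG = """\
{"ts": "2025-09-25T10:00:01Z", "src_ip": "198.51.100.7", "method": "POST", "path": "/api/v1/users/login", "status": 200, "token_id": "tok-a1"}
{"ts": "2025-09-25T10:00:03Z", "src_ip": "198.51.100.7", "method": "POST", "path": "/api/v1/data-provider/test", "status": 200, "token_id": "tok-a1"}
{"ts": "2025-09-25T10:05:00Z", "src_ip": "203.0.113.9", "method": "POST", "path": "/api/v1/users/login", "status": 200, "token_id": "tok-b2"}
{"ts": "2025-09-25T10:41:00Z", "src_ip": "203.0.113.9", "method": "POST", "path": "/api/v1/data-provider/test", "status": 200, "token_id": "tok-b2"}
{"ts": "2025-09-25T11:00:00Z", "src_ip": "192.0.2.44", "method": "POST", "path": "/api/v1/users/login", "status": 401, "token_id": null}
{"ts": "2025-09-25T11:00:01Z", "src_ip": "192.0.2.44", "method": "POST", "path": "/api/v1/users/login", "status": 401, "token_id": null}
{"ts": "2025-09-25T11:00:02Z", "src_ip": "192.0.2.44", "method": "POST", "path": "/api/v1/users/login", "status": 401, "token_id": null}
{"ts": "2025-09-25T11:00:03Z", "src_ip": "192.0.2.44", "method": "POST", "path": "/api/v1/data-provider/test", "status": 401, "token_id": null}
"""


def parse_events(text):
    """Parse JSON-lines log text into a list of event dicts sorted by timestamp."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    events.sort(key=lambda e: e["ts"])
    return events


def find_login_then_test(events, window=timedelta(seconds=60)):
    """Flag source IPs whose successful login is followed by a data-provider/test
    POST within `window`. Each alert records the delay and whether the token
    identifier seen at login was reused on the vulnerable endpoint."""
    last_login = {}  # src_ip -> (login timestamp, token_id)
    alerts = []
    for e in events:
        ip = e["src_ip"]
        if e["method"] == "POST" and e["path"] == LOGIN_PATH and e["status"] == 200:
            last_login[ip] = (e["ts"], e.get("token_id"))
        elif e["method"] == "POST" and e["path"] == TEST_PATH and ip in last_login:
            login_ts, login_token = last_login[ip]
            delay = e["ts"] - login_ts
            if delay <= window:
                alerts.append({
                    "src_ip": ip,
                    "seconds_after_login": delay.total_seconds(),
                    "same_token": login_token is not None and login_token == e.get("token_id"),
                    "test_status": e["status"],
                })
    return alerts


def count_failed_logins(events):
    """Count non-200 POSTs to the login endpoint per source IP (brute-force precursor)."""
    failed = {}
    for e in events:
        if e["method"] == "POST" and e["path"] == LOGIN_PATH and e["status"] != 200:
            failed[e["src_ip"]] = failed.get(e["src_ip"], 0) + 1
    return failed


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for alert in find_login_then_test(evs):
        print("login->data-provider/test:", alert)
    print("failed logins per IP:", count_failed_logins(evs))
```

Run against the constructed sample, only 198.51.100.7 is flagged (login and data-provider/test two seconds apart, same token identifier); 203.0.113.9 calls the endpoint 36 minutes after logging in and is not flagged by the 60-second window, and 192.0.2.44 never authenticates, so it shows up only in the failed-login count. Tune the window to the normal gap between login and connection testing in your own deployment before alerting on it.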