CVE-2025-70830

EPSS 0.03% · P10 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-70830

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

datart 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

datart是running-elephant开源的一个数据可视化开放平台。 Datart v1.0.0-rc.3版本存在安全漏洞，该漏洞源于Freemarker模板引擎对SQL脚本字段输入清理不当，可能导致经过身份验证的攻击者注入特制模板语法，执行任意代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2025-70830

#	POC Description	Source Link	Shenlong Link
1	A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field.	https://github.com/xiaoxiaoranxxx/CVE-2025-70830	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-70830

请登录查看更多情报信息。

Same Patch Batch · n/a · 2026-02-17 · 17 CVEs total

CVE-2026-2623	6.3 MEDIUM	Blossom File Upload BLOSManager.java put path traversal
CVE-2026-2622	3.5 LOW	Blossom Article Title ArticleController.java content cross site scripting
CVE-2026-26731		TOTOLINK A3002RU 缓冲区错误漏洞
CVE-2026-26736		TOTOLINK A3002RU 缓冲区错误漏洞
CVE-2026-26732		TOTOLINK A3002RU 缓冲区错误漏洞
CVE-2024-55270		PHPGurukul Student Management System 安全漏洞
CVE-2024-55271		PHPGurukul Gym Management System 安全漏洞
CVE-2025-59793		Rocket TRUfusion Enterprise 安全漏洞
CVE-2025-32355		Rocket TRUfusion Enterprise 安全漏洞
CVE-2025-70829		datart 安全漏洞
CVE-2025-70828		datart 安全漏洞
CVE-2025-70846		aidigu 安全漏洞
CVE-2025-70397		JIZHICMS（极致CMS）安全漏洞
CVE-2025-67905		Malwarebytes AdwCleaner 安全漏洞
CVE-2025-67102		Jorani 安全漏洞
CVE-2025-65753		Gryphon Guardian WiFi access point 安全漏洞

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2025-70830

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-70830

I. Basic Information for CVE-2025-70830

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-70830

III. Intelligence Information for CVE-2025-70830

Same Patch Batch · n/a · 2026-02-17 · 17 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-70830

Leave a comment