CVE-2025-70829

Published: Feb 17, 2026Modified: Feb 23, 2026

5.7

Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.1 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string.

Affected (1)

Products: Running Elephant: Datart

Running Elephant

1 product

Datart

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Running Elephant Datart	Version 1.0.0 rc3

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://github.com/running-elephant/datart

Source: cve@mitre.org

Product

https://github.com/xiaoxiaoranxxx/CVE-2025-70829

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.