Severity: Critical

Description: DataFlux Data Management Studio 2.10 and DataFlux Data Management Server 2.10 contain an Apache Tika component that is affected by security vulnerabilities described in the CVE records listed below. In addition, certain code executed by DataFlux Data Management Studio 2.10 and DataFlux Data Management Server 2.10 might result in behavior associated with multiple common software weaknesses. For additional information, see the following CVE and CWE records:

CVE Records:

• CVE-2025-66516
• CVE-2025-54988

CWE Records:

• CWE-122: Heap-based Buffer Overflow
• CWE-125: Out-of-bounds Read
• CWE-170: Improper Null Termination
• CWE-190: Integer Overflow or Wraparound
• CWE-259: Use of Hard-coded Password
• CWE-312: Cleartext Storage of Sensitive Information
• CWE-369: Divide By Zero
• CWE-476: NULL Pointer Dereference
• CWE-775: Missing Release of File Descriptor or Handle after Effective Lifetime
• CWE-787: Out-of-bounds Write
• CWE-798: Use of Hard-coded Credentials
• CWE-916: Use of Password Hash With Insufficient Computational Effort
• CWE-922: Insecure Storage of Sensitive Information
• CWE-1330: Remanent Data Readable after Memory Erase

Potential Impact: Impacts vary and include the potential for unauthorized access to sensitive data, exposure of internal resources, and application crashes or denial of service. See the CVE and CWE records for additional information.