Which versions of Dataease SQLBot are affected by CVE-2025-15598?

CVE-2025-15598 is a low-severity vulnerability in Dataease SQLBot (CVSS 3.7). The limited severity suggests constrained impact, typically requiring specific conditions or local access for…

Is there a public PoC exploit available for CVE-2025-15598?

Yes, a public proof-of-concept exploit is available for CVE-2025-15598. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-15598?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Dataease SQLBot CVE-2025-15598

Q: What is the CVSS score of CVE-2025-15598?

CVE-2025-15598 has a CVSS 4.0 base score of 2.9 (Low). CVSS vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

LOW

Insufficient Verification of Data Authenticity (CWE-345)

2026-03-03 cna@vuldb.com

Information Disclosure

2.9

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

3.7 (LOW) 2.9 (LOW)

Analysis Generated

Mar 12, 2026 - 22:05 vuln.today

PoC Detected

Mar 05, 2026 - 21:52 vuln.today

Public exploit code

CVE Published

Mar 03, 2026 - 10:16 nvd

LOW 3.7

DescriptionNVD

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been made public and could be used. A comment in the source code warns users about using this feature. The vendor was contacted early about this disclosure.

AnalysisAI

Technical ContextAI

This vulnerability (CWE-345: Insufficient Verification of Data Authenticity) affects Sqlbot. was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been made public and could be used. A comment in the source code warns users about using this

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2025-15598 vulnerability details – vuln.today

Back