CVE-2025-15598

LOW
2026-03-03 [email protected]
3.7
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 22:05 vuln.today
PoC Detected
Mar 05, 2026 - 21:52 vuln.today
Public exploit code
CVE Published
Mar 03, 2026 - 10:16 nvd
LOW 3.7

Tags

Authentication Bypass

Description

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been made public and could be used. A comment in the source code warns users about using this feature. The vendor was contacted early about this disclosure.

Analysis

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been made public and could be used. A comment in the source code warns use...

Technical Context

This vulnerability (CWE-345: Insufficient Verification of Data Authenticity) affects Sqlbot. was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been made public and could be used. A comment in the source code warns users about using this

Affected Products

Vendor: Fit2Cloud. Product: Sqlbot. Versions: up to 1.5.1..

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

39
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +18
POC: +20

Share

CVE-2025-15598 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy