CVE-2025-15598

EUVD-2025-208227

03.03.2026, 10:16

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been made public and could be used. A comment in the source code warns users about using this feature. The vendor was contacted early about this disclosure.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.7 LOW	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
fit2cloud	sqlbot	𝑥 ≤ 1.5.1

𝑥

= Vulnerable software versions

Known Exploits!

https://github.com/yaowenxiao721/Poc/blob/main/SQLBot/SQLBot-JWT-Signature-Verification-Bypass.md

Common Weakness Enumeration

References

https://github.com/yaowenxiao721/Poc/blob/main/SQLBot/SQLBot-JWT-Signature-Verification-Bypass.md

https://vuldb.com/?ctiid.348292

https://vuldb.com/?id.348292

https://vuldb.com/?submit.707291