CVE-2025-15598 | Dataease SQLBot up to 1.5.1 JWT Token auth.py validateEmbedded signature verification

A vulnerability classified as problematic has been found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature.

This vulnerability is identified as CVE-2025-15598. The attack can be initiated remotely. Additionally, an exploit exists.

A comment in the source code warns users about using this feature. The vendor was contacted early about this disclosure.

CVE-2025-15598 | Dataease SQLBot up to 1.5.1 JWT Token auth.py validateEmbedded signature verification

Post correlati

CVE-2024-39755 | Veertu Anka Build 1.42.0 Anka Node Agent Update improper ownership management (TALOS-2024-2060)

CVE-2024-6947 | Flute CMS 0.2.2.4-alpha Notification ContentParser.php replaceContent code injection

CVE-2024-23979 | F5 BIG-IP up to 15.1.8/16.1.3/17.1.0 Certificate allocation of resources (K000134516)

CVE-2024-1590 | Page Builder Plugin up to 1.8.2 on WordPress Button cross site scripting