CVE-2025-15107
Last modified
CVE-2025-15107 is a low-severity vulnerability rated 2.9/10 on the CVSS scale. A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. EPSS estimates a 0.56% chance of exploitation in the next 30 days.
Description
A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of hard-coded cryptographic key . The attack is possible to be carried out remotely. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report and is planning to fix this flaw in an upcoming release.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Actionsky | Sqle | <= 4.2511.0 |
References
- https://github.com/actiontech/sqle/issues/3186Exploit, Third Party Advisory
- https://vuldb.com/?ctiid.338478Permissions Required, VDB Entry
- https://vuldb.com/?id.338478Third Party Advisory, VDB Entry
- https://vuldb.com/?submit.710380Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-15107?
How severe is CVE-2025-15107?
How do I fix CVE-2025-15107?
Are you affected by CVE-2025-15107?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST