CVE-2025-15597

Name: CVE-2025-15597
Creator: NVD / NIST
Published: 2026-03-02T07:16:22.33+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

LOWCVSS 2.1/10EPSS 0.55%

Last modified Jun 17, 2026

CVE-2025-15597 is a low-severity vulnerability rated 2.1/10 on the CVSS scale. A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. EPSS estimates a 0.55% chance of exploitation in the next 30 days.

Description

A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.0 mitigates this issue. The name of the patch is d640ac31d1ce64ce90e06cf7081163915c9fc28c. Upgrading the affected component is recommended. Multiple endpoints are affected. The vendor was contacted early about this disclosure.

Metrics

CVSS 3.1

6.3/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS 4.0

2.1/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.55%

41.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Fit2cloud	Sqlbot	< 1.5.0

References

https://github.com/dataease/SQLBot/Product
https://github.com/dataease/SQLBot/commit/d640ac31d1ce64ce90e06cf7081163915c9fc28cPatch
https://github.com/dataease/SQLBot/releases/tag/v1.5.0Release Notes
https://github.com/dataease/SQLBot/security/advisories/GHSA-h4xm-3q3p-5g6rExploit, Vendor Advisory
https://github.com/yaowenxiao721/Poc/blob/main/SQLBot/SQLBot-AIModel-Management-Missing-Authorization.mdExploit, Third Party Advisory
https://github.com/yaowenxiao721/Poc/blob/main/SQLBot/SQLBot-User-Management-Broken-Access-Control.mdExploit, Third Party Advisory
https://vuldb.com/?ctiid.348291Permissions Required, VDB Entry
https://vuldb.com/?id.348291Third Party Advisory, VDB Entry
https://vuldb.com/?submit.706144Third Party Advisory, VDB Entry
https://vuldb.com/?submit.707283Third Party Advisory, VDB Entry
https://vuldb.com/?submit.707284Third Party Advisory, VDB Entry
https://vuldb.com/?submit.707285Third Party Advisory, VDB Entry
https://vuldb.com/?submit.707286Third Party Advisory, VDB Entry
https://vuldb.com/?submit.707288Third Party Advisory, VDB Entry
https://vuldb.com/?submit.707293Third Party Advisory, VDB Entry
https://vuldb.com/?submit.707294Third Party Advisory, VDB Entry
https://vuldb.com/?submit.707295Third Party Advisory, VDB Entry

Timeline

Published: Mar 2, 2026
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-15597?

How severe is CVE-2025-15597?

CVE-2025-15597 has a CVSS score of 2.1/10 (LOW severity). The EPSS model estimates a 0.55% probability of exploitation in the next 30 days.

How do I fix CVE-2025-15597?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-15597?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST