CVE-2025-15598

LOW 3.7

Dataease SQLBot JWT Token auth.py validateEmbedded signature verification

CVSS Score

3.7

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been made public and could be used. A comment in the source code warns users about using this feature. The vendor was contacted early about this disclosure.

CWE	CWE-347 CWE-345
Vendor	dataease
Product	sqlbot
Published	Mar 3, 2026
Last Updated	Mar 3, 2026

Stay Ahead of the Next One

Get instant alerts for dataease sqlbot

Be the first to know when new low vulnerabilities affecting dataease sqlbot are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Dataease / SQLBot

1.5.0 1.5.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.348292 vuldb.com: https://vuldb.com/?ctiid.348292 vuldb.com: https://vuldb.com/?submit.707291 github.com: https://github.com/yaowenxiao721/Poc/blob/main/SQLBot/SQLBot-JWT-Signature-Verification-Bypass.md

Credits

🔍 yaowenxiao (VulDB User) VulDB