CVE-2025-15597 | Dataease SQLBot up to 1.4.0 API Endpoint assistant.py access control (GHSA-h4xm-3q3p-5g6r)

A vulnerability described as critical has been identified in Dataease SQLBot up to 1.4.0. It affects an unknown function in the file backend/apps/system/api/assistant.py of the API Endpoint component. Manipulation of this function leads to improper access controls.

This vulnerability is referenced as CVE-2025-15597. It is possible to launch the attack remotely. Furthermore, an exploit is available.

Upgrading the affected component is recommended.

Multiple endpoints are affected. The vendor was contacted early about this disclosure.