6.3
Dataease SQLBot JWT Token Handler signature verification bypass
CVE-2025-15598
Summary
In Dataease SQLBot versions up to 1.5.1, an attacker can bypass signature verification on certain JWT tokens, potentially allowing unauthorized access to your system. This is a serious issue because it could allow someone to pretend to be a legitimate user. To protect yourself, update to the latest version of Dataease SQLBot.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| fit2cloud | sqlbot | <= 1.5.1 | – |
Original title
A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performin...
Original description
A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been made public and could be used. A comment in the source code warns users about using this feature. The vendor was contacted early about this disclosure.
| Source | CVSS version | Score |
|---|---|---|
| nvd | 2.0 | 2.6 |
| nvd | 3.1 | 5.9 |
| nvd | 4.0 | 6.3 |
Vulnerability type
- CWE-345
- CWE-347: Improper Verification of Cryptographic Signature
- https://github.com/yaowenxiao721/Poc/blob/main/SQLBot/SQLBot-JWT-Signature-Verif... (Exploit, Third Party Advisory)
- https://vuldb.com/?ctiid.348292 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.348292 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.707291 (Third Party Advisory, VDB Entry)
Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026