CVE-2025-15107

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-15107
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15107.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-15107
Aliases
Published
2025-12-27T13:15:39.230Z
Modified
2026-01-03T05:44:36.504654Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. Manipulation of the argument JWTSecretKey leads to use of a hard-coded cryptographic key. The attack can be carried out remotely. The attack's complexity is rated as high, and exploitability is regarded as difficult. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report and is planning to fix this flaw in an upcoming release.

References

Affected packages

Git / github.com/actiontech/sqle

Affected ranges

Type
GIT
Repo
https://github.com/actiontech/sqle
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

3.*

3.2406.0-pre1
3.2406.0-pre2

v1.*

v1.2109.0
v1.2111.0-pre1
v1.2112.0-pre1
v1.2112.0-pre2
v1.2112.0-pre3
v1.2112.0-pre4
v1.2201.0-pre1
v1.2201.0-pre2
v1.2201.0-pre3
v1.2202.0
v1.2202.0-pre1
v1.2203.0
v1.2203.0-pre1
v1.2203.0-pre2
v1.2203.0-pre3
v1.2203.0-pre4
v1.2204.0-pre1
v1.2204.0-pre2
v1.2204.0-pre3
v1.2205.0
v1.2205.0-pre1
v1.2205.0-pre2
v1.2205.0-pre3
v1.2206.0
v1.2206.0-pre1
v1.2206.0-pre2
v1.2207.0
v1.2207.0-pre1
v1.2207.0-pre2
v1.2208.0
v1.2208.0-pre1
v1.2208.0-pre2
v1.2208.0-pre3
v1.2208.0-pre4
v1.2209.0
v1.2209.0-pre1
v1.2209.0-pre2
v1.2209.0-pre3
v1.2210.0
v1.2210.0-pre1
v1.2210.0-pre2

v2.*

v2.2211.0
v2.2211.0-pre1
v2.2211.0-pre2
v2.2211.0-pre3
v2.2211.0-pre4
v2.2212.0
v2.2212.0-pre1
v2.2212.0-pre2
v2.2212.0-pre3
v2.2302.0
v2.2302.0-pre1
v2.2302.0-pre2
v2.2302.0-pre3
v2.2302.0-pre4
v2.2302.0-pre5
v2.2303.0
v2.2303.0-pre1
v2.2303.0-pre2
v2.2303.0-pre3
v2.2303.0-pre4
v2.2304.0-pre1
v2.2304.0-pre2
v2.2304.0-pre3
v2.2305-pre2
v2.2305.0
v2.2305.0-pre1
v2.2305.0-pre2
v2.2305.0-pre3
v2.2305.0-pre4
v2.2306.0
v2.2306.0-pre1
v2.2306.0-pre2
v2.2306.0-pre3
v2.2307.0
v2.2307.0-pre1
v2.2307.0-pre2
v2.2307.0-pre3
v2.2308.0
v2.2308.0-pre1
v2.2308.0-pre2
v2.2308.0-pre3
v2.2308.1
v2.2309.0
v2.2309.0-pre1
v2.2309.0-pre2
v2.2309.0-pre3
v2.2309.0-pre4
v2.2310.0
v2.2310.0-pre1
v2.2310.0-pre2
v2.2310.0-pre3
v2.2311.0
v2.2311.0-pre1
v2.2311.0-pre2
v2.2311.0-pre3

v3.*

v3.2310.0
v3.2311.0
v3.2312.0
v3.2312.0-pre1
v3.2312.0-pre2
v3.2401.0
v3.2401.0-pre1
v3.2401.0-pre2
v3.2401.0-pre3
v3.2401.0-pre4
v3.2403.0
v3.2403.0-pre1
v3.2403.0-pre2
v3.2403.0-pre3
v3.2403.0-pre4
v3.2403.0-pre5
v3.2404.0
v3.2404.0-pre1
v3.2404.0-pre2
v3.2405.0
v3.2405.0-pre1
v3.2405.0-pre2
v3.2405.0-pre3
v3.2406.0
v3.2406.0-pre3
v3.2407.0
v3.2407.0-pre1
v3.2407.0-pre2
v3.2407.0-pre3
v3.2407.0-pre4
v3.2408.0
v3.2408.0-pre1
v3.2408.0-pre2
v3.2408.0-pre3
v3.2409.0
v3.2409.0-pre1
v3.2409.0-pre2
v3.2409.0-pre3
v3.2410.0
v3.2410.0-pre1
v3.2410.0-pre2
v3.2410.0-pre3
v3.2411.0
v3.2411.0-pre1
v3.2411.0-pre2
v3.2411.0-pre3
v3.2412.0
v3.2412.0-pre1
v3.2412.0-pre2
v3.2412.0-pre3

v4.*

v4.2502.0
v4.2502.0-pre1
v4.2502.0-pre2
v4.2502.0-pre3
v4.2502.0-pre4
v4.2502.0-pre5
v4.2503.0
v4.2503.0-pre1
v4.2503.0-pre2
v4.2503.0-pre3
v4.2504.0
v4.2504.0-pre1
v4.2504.0-pre2
v4.2504.0-pre3
v4.2505.0
v4.2505.0-pre1
v4.2505.0-pre2
v4.2505.0-pre3
v4.2505.1
v4.2506.0
v4.2507.0
v4.2510.0
v4.2511.0