CVE-2025-51458

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-51458

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-51458.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-51458

Published

2025-07-22T20:15:25.430Z

Modified

2026-04-10T05:29:20.039067Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

SQL Injection in editorsqlrun and queryex in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary SQL statements via crafted input passed to the /v1/editor/sql/run or /v1/editor/chart/run endpoints, interacting with apieditorv1.editorsqlrun, editorchartrun, and datasource.rdbms.base.queryex.

References

Affected packages

Git / github.com/eosphoros-ai/db-gpt

Affected ranges

Type

GIT

Repo

https://github.com/eosphoros-ai/db-gpt

Events

Introduced

Last affected

59771a09f33f28c585e30f9a099ab0c13e681f98

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.7.0"
        }
    ]
}

Affected versions

0.*

0.4.1

v0.*

v0.0.1

v0.0.2

v0.0.3

v0.0.4-alpha

v0.0.5-beta

v0.0.6

v0.0.7

v0.1.0

v0.1.1

v0.2.0

v0.2.1

v0.2.2

v0.2.3

v0.3.0

v0.3.1

v0.3.2

v0.3.3

v0.3.4

v0.3.5

v0.3.6

v0.3.7

v0.3.8

v0.3.9

v0.4.0

v0.4.2

v0.4.3

v0.4.4

v0.4.5

v0.4.6

v0.4.7

v0.5.0

v0.5.1

v0.5.10

v0.5.2

v0.5.3

v0.5.4

v0.5.5

v0.5.6

v0.5.7

v0.5.8

v0.5.9

v0.6.0

v0.6.1

v0.6.2

v0.6.3

v0.7.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-51458.json"