CNNVD-202507-2916 Information

CNNVD ID

CNNVD-202507-2916

CVE-2025-51458

  • CNNVD Published: 2025-07-22

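Description (translated from Chinese)

DB-GPT is an open-source AI-native data application development framework from eosphoros, built on AWEL and agents. DB-GPT version 0.7.0 contains a security vulnerability: editor_sql_run and query_ex are susceptible to SQL injection, which may lead to the execution of arbitrary SQL statements.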

Description (English)

DB-GPT is an open-source AI-native data application development framework from eosphoros, based on AWEL and agents. DB-GPT version 0.7.0 has a security vulnerability: editor_sql_run and query_ex are vulnerable to SQL injection, which may lead to the execution of arbitrary SQL statements.

Hazard Level

High

Vulnerability Type

SQL injection

Affected Vendor

eosphoros

Published

2025-07-22

Last Modified

2026-02-24

References

  • https://github.com/eosphoros-ai/DB-GPT/pull/2650
  • https://www.gecko.security/blog/cve-2025-51458
  • https://nvd.nist.gov/vuln/detail/CVE-2025-51458
  • https://access.redhat.com/security/cve/cve-2025-51458

Patch

http://docs.dbgpt.cn/docs/overview/
