CNNVD-202512-4847 Information
Dec 27, 2025
cve
CNNVD ID
CNNVD-202512-4847
Related CVE
- CNNVD Published: 2025-12-27
Description (Chinese)
SQLE是ActionTech开源的一个数据库。 SQLE 4.2511.0及之前版本存在安全漏洞,该漏洞源于对文件sqle/utils/jwt.go中参数JWTSecretKey的错误操作,可能导致使用硬编码密钥。
Description (English)
SQLE is a database of actiontech open sources. There is a security loophole in SQLE 4.2511.0 and previous versions, which stems from an error in the argument JWTSecretKey in file sqle/utils/jwt.go, which may lead to the use of a hard code key.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
ActionTech
Published
2025-12-27
Last Modified
2026-02-24
References
https://vuldb.com/?submit.710380 https://github.com/actiontech/sqle/issues/3186 https://vuldb.com/?ctiid.338478 https://github.com/actiontech/sqle/milestone/53 https://vuldb.com/?id.338478 https://access.redhat.com/security/cve/cve-2025-15107
Share on: