CVE-2025-51458 Information

Jul 23, 2025 cve

Description

SQL Injection in editor_sql_run and query_ex in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary SQL statements via crafted input passed to the /v1/editor/sql/run or /v1/editor/chart/run endpoints interacting with api_editor_v1.editor_sql_run editor_chart_run and datasource.rdbms.base.query_ex.

Reference

https://github.com/eosphoros-ai/DB-GPT/pull/2650 https://www.gecko.security/blog/cve-2025-51458

CNNVD-202507-2916 (Published: 2025-07-22)

Share on:

CVE-2025-51458 Information

Description

Reference

Related CNNVD