Vulnerability Information:
- CVE ID: CVE-2025-15597
- GHSA ID: GHSA-H4XM-3Q3P-5G6R
- VDB ID: VDB-348291

Severity Metrics:
- CVSS Meta Temp Score: 5.7
- CTI Interest Score: 5.29
- Exploit Price Estimate: $0-$5k

Summary:
- A critical vulnerability impacts the file in Dataease SQLBot up to version 1.4.0, affecting an unknown function of API Endpoint. This results in an access control vulnerability.
- The attack can be initiated remotely, and an exploit exists.

Detailed Description:
- The vulnerability involves unknown processing in , triggering an access control issue due to manipulation of unknown input.
- CWE classification: CWE-284 (Improper Access Control), impacting confidentiality, integrity, and availability.
- The exploitability is noted as easy.

Additional Details:
- MITRE ATT&CK Technique: T1068 (Bypass User Account Control)
- A public exploit is available, and technical details can be found on GitHub.