CVE-2025-15107

A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of hard-coded cryptographic key . The attack is possible to be carried out remotely. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report and is planning to fix this flaw in an upcoming release.

CVSS v3 3.7 LOW
CVSS v2.0 2.6 LOW

3.7^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/actiontech/sqle/issues/3186	Exploit Third Party Advisory
https://github.com/actiontech/sqle/milestone/53	Exploit
https://vuldb.com/?ctiid.338478	Permissions Required VDB Entry
https://vuldb.com/?id.338478	Third Party Advisory VDB Entry
https://vuldb.com/?submit.710380	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:actionsky:sqle:*:*:*:*:*:*:*:*

History

31 Dec 2025, 22:38

Type	Values Removed	Values Added
References	~~() https://github.com/actiontech/sqle/issues/3186 -~~	() https://github.com/actiontech/sqle/issues/3186 - Exploit, Third Party Advisory
References	~~() https://github.com/actiontech/sqle/milestone/53 -~~	() https://github.com/actiontech/sqle/milestone/53 - Exploit
References	~~() https://vuldb.com/?ctiid.338478 -~~	() https://vuldb.com/?ctiid.338478 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.338478 -~~	() https://vuldb.com/?id.338478 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.710380 -~~	() https://vuldb.com/?submit.710380 - Third Party Advisory, VDB Entry
CPE		cpe:2.3:a:actionsky:sqle::::::::
CWE		CWE-798
First Time		Actionsky Actionsky sqle

27 Dec 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-27 13:15

Updated : 2025-12-31 22:38

NVD link : CVE-2025-15107

Mitre link : CVE-2025-15107

CVE.ORG link : CVE-2025-15107

JSON object : View

Products Affected

actionsky

sqle

CWE

CWE-320

Key Management Errors

CWE-321

Use of Hard-coded Cryptographic Key

CWE-798

Use of Hard-coded Credentials

3.7 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.6 /10

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2025-15107

3.7^/10

2.6^/10

Attach tags to `CVE-2025-15107`