CVE-2025-51458

None

Description

SQL Injection in editor_sql_run and query_ex in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary SQL statements via crafted input passed to the /v1/editor/sql/run or /v1/editor/chart/run endpoints, interacting with api_editor_v1.editor_sql_run, editor_chart_run, and datasource.rdbms.base.query_ex.

INFO

Published Date :

2025-07-22T00:00:00.000Z

Last Modified :

2025-07-22T20:09:21.425Z

Source :

mitre

AFFECTED PRODUCTS

The following products are affected by CVE-2025-51458 vulnerability.

Vendors	Products
Dbgpt	Db-gpt
Eosphoros-ai	Db-gpt

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-51458.

URL	Resource
https://github.com/eosphoros-ai/DB-GPT/pull/2650
https://www.gecko.security/blog/cve-2025-51458

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact