CVE-2025-15107
LOW
Actiontech SQLE <=4.2511.0 - Use of Hard-coded Cryptographic Key
Title source: llm
Description
A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of a hard-coded cryptographic key. The attack can be carried out remotely. The attack's complexity is rated as high, and exploitability is regarded as difficult. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report and is planning to fix this flaw in an upcoming release.
Scores
CVSS v3: 3.7
EPSS: 0.0002
EPSS Percentile: 4.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-320, CWE-321, CWE-798
Status: published
Products (2)
actionsky/sqle
< 4.2511.0
actiontech/sqle
0Go
Published: Dec 27, 2025
Tracked Since: Feb 18, 2026