Auth bypass in DataEase SQLBot
CVE-2025-69285
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability in the /api/v1/datasource/uploadExcel endpoint, allowing a remote unauthenticated at…
Vulnerability class: Broken Authentication
EPSS: 0.001 (28.8th percentile)
Affected products
- DataEase SQLBot — versions < 1.5.0
Weakness classification (CWE)
References
- https://github.com/dataease/SQLBot/security/advisories/GHSA-crfm-cch4-hjpv (x_refsource_CONFIRM)
- https://github.com/dataease/SQLBot/releases/tag/v1.5.0 (x_refsource_MISC)