CVE-2025-9148

Summary

A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects an unknown function of the file ai/chat2db/server/web/api/controller/data/source/DataSourceController.java of the component JDBC Connection Handler. The manipulation results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
CodePhiliaXChat2DB0.3.0affected
CodePhiliaXChat2DB0.3.1affected
CodePhiliaXChat2DB0.3.2affected
CodePhiliaXChat2DB0.3.3affected
CodePhiliaXChat2DB0.3.4affected
CodePhiliaXChat2DB0.3.5affected
CodePhiliaXChat2DB0.3.6affected
CodePhiliaXChat2DB0.3.7affected

Weaknesses

  • CWE-89: SQL Injection
  • CWE-74: Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References