{"data":{"id":"bebc97c0-e80d-4150-a5e4-5681eb547c0e","title":"CVE-2025-69285: SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability.","summary":"SQLBot is a data query system that uses a large language model and RAG (retrieval-augmented generation, where an AI pulls in external documents to answer questions) to help users query databases. Versions before 1.5.0 have a missing authentication vulnerability in a file upload endpoint: the endpoint was added to a whitelist that skips security checks, so attackers without login credentials can upload Excel or CSV files and insert data directly into the database.","solution":"Update to version 1.5.0 or later, where the vulnerability has been fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-69285","publishedAt":"2026-01-21T21:16:07.380Z","cveId":"CVE-2025-69285","cweIds":["CWE-306"],"cvssScore":"6.1","cvssSeverity":"medium","severity":"medium","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["SQLBot"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00109,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-115"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"rag","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}