CVE-2025-9148 MEDIUM

CVE-2025-9148: CodePhiliaX Chat2DB JDBC Connection DataSourceController.java sql injection

Vendor Codephiliax

Product Chat2DB

Weakness CWE-89 · SQLi

Published August 19, 2025

Last update August 19, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects an unknown function of the file ai/chat2db/server/web/api/controller/data/source/DataSourceController.java of the component JDBC Connection Handler. The manipulation results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

Disclosure timeline

August 19, 2025 CVE published

August 19, 2025 Record updated

Identifiers

CVE CVE-2025-9148

CWE CWE-89

CVSS 5.3 / MEDIUM

Affected versions

Vendor Codephiliax

Product Chat2DB

Affected 0.3.0

Vendor Codephiliax

Product Chat2DB

Affected 0.3.1

Vendor Codephiliax

Product Chat2DB

Affected 0.3.2

Vendor Codephiliax

Product Chat2DB

Affected 0.3.3

Vendor Codephiliax

Product Chat2DB

Affected 0.3.4

Vendor Codephiliax

Product Chat2DB

Affected 0.3.5

Vendor Codephiliax

Product Chat2DB

Affected 0.3.6

Vendor Codephiliax

Product Chat2DB

Affected 0.3.7