CVE-2025-51458 is a SQL Injection vulnerability identified in the eosphoros-ai DB-GPT version 0.7.0. The flaw exists in the functionality exposed by the /v1/editor/sql/run and /v1/editor/chart/run API endpoints, which internally invoke the api_editor_v1.editor_sql_run, editor_chart_run, and datasource.rdbms.base.query_ex components. An attacker can exploit this vulnerability by sending crafted input to these endpoints, which is improperly sanitized or validated, allowing arbitrary SQL statements to be executed on the backend database. This type of injection attack can lead to unauthorized data access, data manipulation, or even full compromise of the database server depending on the privileges of the database user context under which the queries are executed. The vulnerability is remote and does not require authentication, increasing the attack surface. Although no known exploits have been reported in the wild yet, the presence of this vulnerability in a database query interface used by DB-GPT—a tool likely designed for AI-driven database querying—makes it a critical concern. The lack of a CVSS score and absence of patch information indicates this is a recently disclosed vulnerability with limited public mitigation guidance at this time.

For European organizations, the impact of this SQL Injection vulnerability can be severe. Organizations using eosphoros-ai DB-GPT 0.7.0 for database querying or AI-assisted data analysis risk unauthorized exposure or modification of sensitive data, including personal data protected under GDPR. The ability to execute arbitrary SQL commands could lead to data breaches, data integrity loss, or disruption of critical business operations. This could result in regulatory penalties, reputational damage, and financial losses. Furthermore, attackers could leverage this vulnerability as a foothold to pivot into internal networks or escalate privileges, especially if the database server is integrated with other enterprise systems. Given the increasing adoption of AI tools in data processing workflows across European enterprises, this vulnerability poses a tangible risk to sectors such as finance, healthcare, and government agencies that rely heavily on data confidentiality and integrity.

Immediate mitigation steps include restricting access to the vulnerable API endpoints (/v1/editor/sql/run and /v1/editor/chart/run) through network-level controls such as firewalls or API gateways to limit exposure to trusted users only. Implementing strict input validation and sanitization on all user-supplied data before it reaches the database query execution layer is critical. Employing parameterized queries or prepared statements in the codebase can prevent SQL Injection by separating code from data. Organizations should monitor logs for suspicious query patterns indicative of injection attempts. Until an official patch is released, consider disabling or isolating the vulnerable DB-GPT components if feasible. Additionally, conducting a thorough security review of all AI-driven database interfaces and applying the principle of least privilege to database accounts used by these services will reduce potential damage. Finally, organizations should stay updated with vendor advisories for patches and apply them promptly once available.