CVE-2025-21628 | Chatwoot up to 3.15.x API query_operator sql injection (GHSA-g8f9-hh83-rcq9)
A vulnerability was found in Chatwoot up to 3.15.x and classified as critical. This issue affects the function query_operator of the component API. The manipulation leads to sql injection.
The identification of this vulnerability is CVE-2025-21628. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.