CVE-2025-46579

High CVSS: 8.4

There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed.

Vendor

Zte

Product

Zxcloud Goldendb

CWE

CWE-94

Yayın Tarihi

2025-04-27 02:15:16

Güncelleme

2025-05-12 19:32:17

Source Identifier

psirt@zte.com.cn

KEV Date Added

Kategoriler

CWE-94 Zxcloud Goldendb HIGH Zte 2025

Referanslar

https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1036467615091601474

Benzer Kayıtlar

Medium

CVE-2025-66315

There is a configuration defect vulnerability in the version server of ZTE MF258K Pro products. Due to improper director…

High

CVE-2025-46580

There is a code-related vulnerability in the GoldenDB database product. Attackers can access system tables to disrupt th…

Medium

CVE-2025-46578

There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit t…

Medium

CVE-2025-46575

There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages…

Medium

CVE-2025-46576

There is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipu…

Medium

CVE-2025-46577

There is a SQL injection vulnerability in the GoldenDB database product. Attackers can inject commands to extract databa…