Vulnerabilities related to zte - zxcloud_goldendb
Vulnerability from fkie_nvd
Published
2025-04-27 02:15
Modified
2025-05-12 19:33
Severity ?
4.1 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zte | zxcloud_goldendb | * | |
zte | zxcloud_goldendb | 7.2.01.01 | |
zte | zxcloud_goldendb | 7.2.01.01 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zte:zxcloud_goldendb:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5DC9861-1D01-4503-9554-968B45CCE5AF", "versionEndExcluding": "6.1.03.11", "versionStartIncluding": "6.1.03", "vulnerable": true }, { "criteria": "cpe:2.3:a:zte:zxcloud_goldendb:7.2.01.01:-:*:*:-:*:*:*", "matchCriteriaId": "DFE2AA93-8A9F-4B65-A6FB-B27F09310467", "vulnerable": true }, { "criteria": "cpe:2.3:a:zte:zxcloud_goldendb:7.2.01.01:-:*:*:lite:*:*:*", "matchCriteriaId": "F2B3E467-C5A8-4575-93E3-5FE7838BFF2B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system\u0027s sensitive information." }, { "lang": "es", "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la base de datos GoldenDB. Los atacantes pueden explotar los mensajes de error para obtener informaci\u00f3n confidencial del sistema." 
} ], "id": "CVE-2025-46574", "lastModified": "2025-05-12T19:33:19.740", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 0.7, "impactScore": 3.4, "source": "psirt@zte.com.cn", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-04-27T02:15:14.503", "references": [ { "source": "psirt@zte.com.cn", "tags": [ "Vendor Advisory" ], "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4693390139849392200" } ], "sourceIdentifier": "psirt@zte.com.cn", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@zte.com.cn", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-04-27 03:15
Modified
2025-05-12 19:27
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
There is a code-related vulnerability in the GoldenDB database product. Attackers can access system tables to disrupt the normal operation of business SQL.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zte | zxcloud_goldendb | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zte:zxcloud_goldendb:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5DC9861-1D01-4503-9554-968B45CCE5AF", "versionEndExcluding": "6.1.03.11", "versionStartIncluding": "6.1.03", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There is a code-related vulnerability in the GoldenDB database product. Attackers can access system tables to disrupt the normal operation of business SQL." }, { "lang": "es", "value": "Existe una vulnerabilidad de c\u00f3digo en la base de datos GoldenDB. Los atacantes pueden acceder a las tablas del sistema para interrumpir el funcionamiento normal del SQL empresarial." } ], "id": "CVE-2025-46580", "lastModified": "2025-05-12T19:27:23.917", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "psirt@zte.com.cn", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-04-27T03:15:15.610", "references": [ { "source": "psirt@zte.com.cn", "tags": [ "Vendor Advisory" ], "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4828497866583347285" } ], 
"sourceIdentifier": "psirt@zte.com.cn", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "psirt@zte.com.cn", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-04-27 02:15
Modified
2025-05-12 19:32
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
There is a SQL injection vulnerability in the GoldenDB database product. Attackers can inject commands to extract database information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zte | zxcloud_goldendb | * | |
zte | zxcloud_goldendb | 7.2.01.01 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zte:zxcloud_goldendb:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5DC9861-1D01-4503-9554-968B45CCE5AF", "versionEndExcluding": "6.1.03.11", "versionStartIncluding": "6.1.03", "vulnerable": true }, { "criteria": "cpe:2.3:a:zte:zxcloud_goldendb:7.2.01.01:-:*:*:-:*:*:*", "matchCriteriaId": "DFE2AA93-8A9F-4B65-A6FB-B27F09310467", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There is a SQL injection vulnerability in the GoldenDB database product. Attackers can inject commands to extract database information." }, { "lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n SQL en la base de datos GoldenDB. Los atacantes pueden inyectar comandos para extraer informaci\u00f3n de la base de datos." } ], "id": "CVE-2025-46577", "lastModified": "2025-05-12T19:32:45.263", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@zte.com.cn", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-04-27T02:15:15.953", "references": [ { "source": "psirt@zte.com.cn", "tags": [ "Vendor 
Advisory" ], "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1036467615091601469" } ], "sourceIdentifier": "psirt@zte.com.cn", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "psirt@zte.com.cn", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-04-27 02:15
Modified
2025-05-12 19:32
Severity ?
8.4 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zte | zxcloud_goldendb | * | |
zte | zxcloud_goldendb | 7.2.01.01 | |
zte | zxcloud_goldendb | 7.2.01.01 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zte:zxcloud_goldendb:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5DC9861-1D01-4503-9554-968B45CCE5AF", "versionEndExcluding": "6.1.03.11", "versionStartIncluding": "6.1.03", "vulnerable": true }, { "criteria": "cpe:2.3:a:zte:zxcloud_goldendb:7.2.01.01:-:*:*:-:*:*:*", "matchCriteriaId": "DFE2AA93-8A9F-4B65-A6FB-B27F09310467", "vulnerable": true }, { "criteria": "cpe:2.3:a:zte:zxcloud_goldendb:7.2.01.01:-:*:*:lite:*:*:*", "matchCriteriaId": "F2B3E467-C5A8-4575-93E3-5FE7838BFF2B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed." }, { "lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n DDE en la base de datos GoldenDB. Los atacantes pueden inyectar expresiones DDE a trav\u00e9s de la interfaz y, al descargar y abrir el archivo afectado, ejecutar los comandos DDE." 
} ], "id": "CVE-2025-46579", "lastModified": "2025-05-12T19:32:17.170", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 6.0, "source": "psirt@zte.com.cn", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-04-27T02:15:16.203", "references": [ { "source": "psirt@zte.com.cn", "tags": [ "Vendor Advisory" ], "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1036467615091601474" } ], "sourceIdentifier": "psirt@zte.com.cn", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "psirt@zte.com.cn", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-04-27 02:15
Modified
2025-05-12 19:32
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Summary
There is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zte | zxcloud_goldendb | 6.1.03.09 | |
zte | zxcloud_goldendb | 6.1.03.10 | |
zte | zxcloud_goldendb | 7.2.01.01 | |
zte | zxcloud_goldendb | 7.2.01.01 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zte:zxcloud_goldendb:6.1.03.09:*:*:*:*:*:*:*", "matchCriteriaId": "80F81605-4C9A-463E-97B2-D25BF4C1337B", "vulnerable": true }, { "criteria": "cpe:2.3:a:zte:zxcloud_goldendb:6.1.03.10:*:*:*:*:*:*:*", "matchCriteriaId": "E9420A93-C4F9-4538-8F19-295EB94C6395", "vulnerable": true }, { "criteria": "cpe:2.3:a:zte:zxcloud_goldendb:7.2.01.01:-:*:*:-:*:*:*", "matchCriteriaId": "DFE2AA93-8A9F-4B65-A6FB-B27F09310467", "vulnerable": true }, { "criteria": "cpe:2.3:a:zte:zxcloud_goldendb:7.2.01.01:-:*:*:lite:*:*:*", "matchCriteriaId": "F2B3E467-C5A8-4575-93E3-5FE7838BFF2B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content." }, { "lang": "es", "value": "Existe una vulnerabilidad de gesti\u00f3n de permisos y control de acceso en la base de datos GoldenDB. Los atacantes pueden manipular las solicitudes para eludir las restricciones de privilegios y eliminar contenido." 
} ], "id": "CVE-2025-46576", "lastModified": "2025-05-12T19:32:59.980", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "psirt@zte.com.cn", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-04-27T02:15:15.830", "references": [ { "source": "psirt@zte.com.cn", "tags": [ "Vendor Advisory" ], "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1036467615091601464" } ], "sourceIdentifier": "psirt@zte.com.cn", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "psirt@zte.com.cn", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-04-27 02:15
Modified
2025-05-12 19:33
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zte | zxcloud_goldendb | 6.1.03.09 | |
zte | zxcloud_goldendb | 6.1.03.10 | |
zte | zxcloud_goldendb | 7.2.01.01 | |
zte | zxcloud_goldendb | 7.2.01.01 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zte:zxcloud_goldendb:6.1.03.09:*:*:*:*:*:*:*", "matchCriteriaId": "80F81605-4C9A-463E-97B2-D25BF4C1337B", "vulnerable": true }, { "criteria": "cpe:2.3:a:zte:zxcloud_goldendb:6.1.03.10:*:*:*:*:*:*:*", "matchCriteriaId": "E9420A93-C4F9-4538-8F19-295EB94C6395", "vulnerable": true }, { "criteria": "cpe:2.3:a:zte:zxcloud_goldendb:7.2.01.01:-:*:*:-:*:*:*", "matchCriteriaId": "DFE2AA93-8A9F-4B65-A6FB-B27F09310467", "vulnerable": true }, { "criteria": "cpe:2.3:a:zte:zxcloud_goldendb:7.2.01.01:-:*:*:lite:*:*:*", "matchCriteriaId": "F2B3E467-C5A8-4575-93E3-5FE7838BFF2B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system\u0027s sensitive information." }, { "lang": "es", "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la base de datos GoldenDB. Los atacantes pueden explotar los mensajes de error para obtener informaci\u00f3n confidencial del sistema." 
} ], "id": "CVE-2025-46575", "lastModified": "2025-05-12T19:33:14.970", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "psirt@zte.com.cn", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-04-27T02:15:15.690", "references": [ { "source": "psirt@zte.com.cn", "tags": [ "Vendor Advisory" ], "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4693390139849392205" } ], "sourceIdentifier": "psirt@zte.com.cn", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-209" } ], "source": "psirt@zte.com.cn", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-209" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-04-27 02:15
Modified
2025-05-12 19:32
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zte | zxcloud_goldendb | * | |
zte | zxcloud_goldendb | 7.2.01.01 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zte:zxcloud_goldendb:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5DC9861-1D01-4503-9554-968B45CCE5AF", "versionEndExcluding": "6.1.03.11", "versionStartIncluding": "6.1.03", "vulnerable": true }, { "criteria": "cpe:2.3:a:zte:zxcloud_goldendb:7.2.01.01:-:*:*:-:*:*:*", "matchCriteriaId": "DFE2AA93-8A9F-4B65-A6FB-B27F09310467", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information." }, { "lang": "es", "value": "Existen vulnerabilidades de inyecci\u00f3n SQL en varias interfaces del producto de base de datos GoldenDB. Los atacantes pueden explotar estas interfaces para inyectar comandos y extraer informaci\u00f3n confidencial de la base de datos." } ], "id": "CVE-2025-46578", "lastModified": "2025-05-12T19:32:35.470", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@zte.com.cn", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": 
"nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-04-27T02:15:16.080", "references": [ { "source": "psirt@zte.com.cn", "tags": [ "Vendor Advisory" ], "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4693390139849392210" } ], "sourceIdentifier": "psirt@zte.com.cn", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "psirt@zte.com.cn", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2025-46577 (GCVE-0-2025-46577)
Vulnerability from cvelistv5
Published
2025-04-27 01:21
Modified
2025-04-28 15:33
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
There is a SQL injection vulnerability in the GoldenDB database product. Attackers can inject commands to extract database information.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46577", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-28T13:41:21.976107Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-28T15:33:58.163Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "GoldenDB", "vendor": "ZTE", "versions": [ { "lessThanOrEqual": "6.1.03.10", "status": "affected", "version": "6.1.03", "versionType": "custom" }, { "status": "affected", "version": "7.2.01.01", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a SQL injection vulnerability in the GoldenDB database product. Attackers can inject commands to extract database information.\u003c/span\u003e" } ], "value": "There is a SQL injection vulnerability in the GoldenDB database product. Attackers can inject commands to extract database information." 
} ], "impacts": [ { "capecId": "CAPEC-7", "descriptions": [ { "lang": "en", "value": "CAPEC-7 Blind SQL Injection" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-27T01:39:39.095Z", "orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte" }, "references": [ { "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1036467615091601469" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e6.1.03.11,7.2.01.01P1\u003c/span\u003e\n\n\u003cbr\u003e" } ], "value": "6.1.03.11,7.2.01.01P1" } ], "source": { "discovery": "INTERNAL" }, "title": "ZTE GoldenDB Database product has an SQL injection vulnerability", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "assignerShortName": "zte", "cveId": "CVE-2025-46577", "datePublished": "2025-04-27T01:21:27.266Z", "dateReserved": "2025-04-25T00:28:13.908Z", "dateUpdated": "2025-04-28T15:33:58.163Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46576 (GCVE-0-2025-46576)
Vulnerability from cvelistv5
Published
2025-04-27 01:16
Modified
2025-04-28 15:34
CWE
- CWE-269 - Improper Privilege Management
Summary
There is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46576", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-28T13:41:28.282380Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-28T15:34:04.600Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "GoldenDB", "vendor": "ZTE", "versions": [ { "lessThanOrEqual": "6.1.03.10", "status": "affected", "version": "6.1.03.09", "versionType": "custom" }, { "status": "unaffected", "version": "7.2.01.01", "versionType": "custom" }, { "status": "affected", "version": "Lite7.2.01.01", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content.\u003c/span\u003e" } ], "value": "There is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content." 
} ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-27T01:17:04.904Z", "orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte" }, "references": [ { "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1036467615091601464" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1\u003cbr\u003e" } ], "value": "6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1" } ], "source": { "discovery": "INTERNAL" }, "title": "ZTE GoldenDB Database product has a privilege escalation vulnerability", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "assignerShortName": "zte", "cveId": "CVE-2025-46576", "datePublished": "2025-04-27T01:16:37.005Z", "dateReserved": "2025-04-25T00:28:13.908Z", "dateUpdated": "2025-04-28T15:34:04.600Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46579 (GCVE-0-2025-46579)
Vulnerability from cvelistv5
Published
2025-04-27 01:34
Modified
2025-04-28 15:33
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46579", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-28T13:41:07.717055Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-28T15:33:46.289Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "GoldenDB", "vendor": "ZTE", "versions": [ { "lessThanOrEqual": "6.1.03.10", "status": "affected", "version": "6.1.03", "versionType": "custom" }, { "status": "affected", "version": "7.2.01.01", "versionType": "custom" }, { "status": "affected", "version": "Lite7.2.01.01", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed.\u003c/span\u003e" } ], "value": "There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed." 
} ], "impacts": [ { "capecId": "CAPEC-242", "descriptions": [ { "lang": "en", "value": "CAPEC-242 Code Injection" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-27T01:34:35.034Z", "orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte" }, "references": [ { "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1036467615091601474" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1\u003c/span\u003e\n\n\u003cbr\u003e" } ], "value": "6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1" } ], "source": { "discovery": "INTERNAL" }, "title": "ZTE GoldenDB Database product has a DDE injection vulnerability", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "assignerShortName": "zte", "cveId": "CVE-2025-46579", "datePublished": "2025-04-27T01:34:35.034Z", "dateReserved": "2025-04-25T00:28:13.908Z", "dateUpdated": "2025-04-28T15:33:46.289Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46574 (GCVE-0-2025-46574)
Vulnerability from cvelistv5
Published
2025-04-27 01:07
Modified
2025-04-28 15:34
CWE
- CWE-20 - Improper Input Validation
Summary
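There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information. The CNA record classifies the weakness as CWE-20 (Improper Input Validation), and its CVSS vector rates integrity and availability impact as low alongside confidentiality, so the record describes more than disclosure alone; CVE-2025-46575 carries the same summary text under CWE-209.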
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46574", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-28T13:41:53.779542Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-28T15:34:18.287Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "GoldenDB", "vendor": "ZTE", "versions": [ { "lessThanOrEqual": "6.1.03.10", "status": "affected", "version": "6.1.03", "versionType": "custom" }, { "status": "affected", "version": "7.2.01.01", "versionType": "custom" }, { "status": "affected", "version": "Lite7.2.01.01", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system\u0027s sensitive information.\u003c/span\u003e" } ], "value": "There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system\u0027s sensitive information." 
} ], "impacts": [ { "capecId": "CAPEC-153", "descriptions": [ { "lang": "en", "value": "CAPEC-153 Input Data Manipulation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-27T01:07:30.168Z", "orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte" }, "references": [ { "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4693390139849392200" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1\u003c/span\u003e\n\n\u003cbr\u003e" } ], "value": "6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1" } ], "source": { "discovery": "INTERNAL" }, "title": "ZTE GoldenDB Database product has an input validation vulnerability", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "assignerShortName": "zte", "cveId": "CVE-2025-46574", "datePublished": "2025-04-27T01:07:29.152Z", "dateReserved": "2025-04-25T00:28:13.907Z", "dateUpdated": "2025-04-28T15:34:18.287Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46578 (GCVE-0-2025-46578)
Vulnerability from cvelistv5
Published
2025-04-27 01:30
Modified
2025-04-28 15:33
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46578", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-28T13:41:16.101788Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-28T15:33:52.903Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "GoldenDB", "vendor": "ZTE", "versions": [ { "lessThanOrEqual": "6.1.03.10", "status": "affected", "version": "6.1.03", "versionType": "custom" }, { "status": "affected", "version": "7.2.01.01", "versionType": "custom" }, { "status": "affected", "version": "Lite7.2.01.01", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information.\u003c/span\u003e" } ], "value": "There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information." 
} ], "impacts": [ { "capecId": "CAPEC-7", "descriptions": [ { "lang": "en", "value": "CAPEC-7 Blind SQL Injection" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-27T01:30:44.990Z", "orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte" }, "references": [ { "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4693390139849392210" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1\u003cbr\u003e" } ], "value": "6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1" } ], "source": { "discovery": "INTERNAL" }, "title": "ZTE GoldenDB Database product has SQL injection vulnerabilities in multiple interfaces", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "assignerShortName": "zte", "cveId": "CVE-2025-46578", "datePublished": "2025-04-27T01:30:44.458Z", "dateReserved": "2025-04-25T00:28:13.908Z", "dateUpdated": "2025-04-28T15:33:52.903Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46580 (GCVE-0-2025-46580)
Vulnerability from cvelistv5
Published
2025-04-27 01:49
Modified
2025-04-28 15:33
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
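There is a code-related vulnerability in the GoldenDB database product. Attackers can access system tables to disrupt the normal operation of business SQL. The record classifies this as CWE-400 (Uncontrolled Resource Consumption) with high availability impact, and it carries no solutions entry naming a fixed version, so the vendor bulletin in its references is the place to confirm the remediation.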
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46580", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-28T13:40:59.542828Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-28T15:33:38.386Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "GoldenDB", "vendor": "ZTE", "versions": [ { "lessThanOrEqual": "6.1.03.10", "status": "affected", "version": "6.1.03", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a code-related vulnerability in the GoldenDB database product. Attackers can access system tables to disrupt the normal operation of business SQL.\u003c/span\u003e" } ], "value": "There is a code-related vulnerability in the GoldenDB database product. Attackers can access system tables to disrupt the normal operation of business SQL." 
} ], "impacts": [ { "capecId": "CAPEC-130", "descriptions": [ { "lang": "en", "value": "CAPEC-130 Excessive Allocation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-27T01:49:16.856Z", "orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte" }, "references": [ { "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4828497866583347285" } ], "source": { "discovery": "INTERNAL" }, "title": "ZTE GoldenDB Database product has a code-related vulnerability", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "assignerShortName": "zte", "cveId": "CVE-2025-46580", "datePublished": "2025-04-27T01:49:16.856Z", "dateReserved": "2025-04-25T00:28:13.909Z", "dateUpdated": "2025-04-28T15:33:38.386Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46575 (GCVE-0-2025-46575)
Vulnerability from cvelistv5
Published
2025-04-27 01:12
Modified
2025-04-28 15:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Summary
There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46575", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-28T13:41:33.822407Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-28T15:34:10.224Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "GoldenDB", "vendor": "ZTE", "versions": [ { "lessThanOrEqual": "6.1.03.10", "status": "affected", "version": "6.1.03.09", "versionType": "custom" }, { "status": "affected", "version": "7.2.01.01", "versionType": "custom" }, { "status": "affected", "version": "Lite7.2.01.01", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system\u0027s sensitive information.\u003c/span\u003e" } ], "value": "There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system\u0027s sensitive information." 
} ], "impacts": [ { "capecId": "CAPEC-215", "descriptions": [ { "lang": "en", "value": "CAPEC-215 Fuzzing and observing application log data/errors for application mapping" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-27T01:12:36.738Z", "orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte" }, "references": [ { "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4693390139849392205" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1\u003c/span\u003e\n\n\u003cbr\u003e" } ], "value": "6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1" } ], "source": { "discovery": "INTERNAL" }, "title": "ZTE GoldenDB Database product has an information disclosure vulnerability", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "assignerShortName": "zte", "cveId": "CVE-2025-46575", "datePublished": "2025-04-27T01:12:36.738Z", "dateReserved": "2025-04-25T00:28:13.908Z", "dateUpdated": "2025-04-28T15:34:10.224Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }