Search criteria
21 vulnerabilities found for zxcloud_goldendb by zte
FKIE_CVE-2025-46580
Vulnerability from fkie_nvd - Published: 2025-04-27 03:15 - Updated: 2025-05-12 19:27
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
There is a code-related vulnerability in the GoldenDB database product. Attackers can access system tables to disrupt the normal operation of business SQL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zte | zxcloud_goldendb | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zte:zxcloud_goldendb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5DC9861-1D01-4503-9554-968B45CCE5AF",
"versionEndExcluding": "6.1.03.11",
"versionStartIncluding": "6.1.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a code-related vulnerability in the GoldenDB database product. Attackers can access system tables to disrupt the normal operation of business SQL."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de c\u00f3digo en la base de datos GoldenDB. Los atacantes pueden acceder a las tablas del sistema para interrumpir el funcionamiento normal del SQL empresarial."
}
],
"id": "CVE-2025-46580",
"lastModified": "2025-05-12T19:27:23.917",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "psirt@zte.com.cn",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-27T03:15:15.610",
"references": [
{
"source": "psirt@zte.com.cn",
"tags": [
"Vendor Advisory"
],
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4828497866583347285"
}
],
"sourceIdentifier": "psirt@zte.com.cn",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "psirt@zte.com.cn",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-46579
Vulnerability from fkie_nvd - Published: 2025-04-27 02:15 - Updated: 2025-05-12 19:32
Severity ?
8.4 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zte | zxcloud_goldendb | * | |
| zte | zxcloud_goldendb | 7.2.01.01 | |
| zte | zxcloud_goldendb | 7.2.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zte:zxcloud_goldendb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5DC9861-1D01-4503-9554-968B45CCE5AF",
"versionEndExcluding": "6.1.03.11",
"versionStartIncluding": "6.1.03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zte:zxcloud_goldendb:7.2.01.01:-:*:*:-:*:*:*",
"matchCriteriaId": "DFE2AA93-8A9F-4B65-A6FB-B27F09310467",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zte:zxcloud_goldendb:7.2.01.01:-:*:*:lite:*:*:*",
"matchCriteriaId": "F2B3E467-C5A8-4575-93E3-5FE7838BFF2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n DDE en la base de datos GoldenDB. Los atacantes pueden inyectar expresiones DDE a trav\u00e9s de la interfaz y, al descargar y abrir el archivo afectado, ejecutar los comandos DDE."
}
],
"id": "CVE-2025-46579",
"lastModified": "2025-05-12T19:32:17.170",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 6.0,
"source": "psirt@zte.com.cn",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-27T02:15:16.203",
"references": [
{
"source": "psirt@zte.com.cn",
"tags": [
"Vendor Advisory"
],
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1036467615091601474"
}
],
"sourceIdentifier": "psirt@zte.com.cn",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "psirt@zte.com.cn",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-46578
Vulnerability from fkie_nvd - Published: 2025-04-27 02:15 - Updated: 2025-05-12 19:32
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zte | zxcloud_goldendb | * | |
| zte | zxcloud_goldendb | 7.2.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zte:zxcloud_goldendb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5DC9861-1D01-4503-9554-968B45CCE5AF",
"versionEndExcluding": "6.1.03.11",
"versionStartIncluding": "6.1.03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zte:zxcloud_goldendb:7.2.01.01:-:*:*:-:*:*:*",
"matchCriteriaId": "DFE2AA93-8A9F-4B65-A6FB-B27F09310467",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information."
},
{
"lang": "es",
"value": "Existen vulnerabilidades de inyecci\u00f3n SQL en varias interfaces del producto de base de datos GoldenDB. Los atacantes pueden explotar estas interfaces para inyectar comandos y extraer informaci\u00f3n confidencial de la base de datos."
}
],
"id": "CVE-2025-46578",
"lastModified": "2025-05-12T19:32:35.470",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "psirt@zte.com.cn",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-27T02:15:16.080",
"references": [
{
"source": "psirt@zte.com.cn",
"tags": [
"Vendor Advisory"
],
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4693390139849392210"
}
],
"sourceIdentifier": "psirt@zte.com.cn",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "psirt@zte.com.cn",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-46577
Vulnerability from fkie_nvd - Published: 2025-04-27 02:15 - Updated: 2025-05-12 19:32
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
There is a SQL injection vulnerability in the GoldenDB database product. Attackers can inject commands to extract database information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zte | zxcloud_goldendb | * | |
| zte | zxcloud_goldendb | 7.2.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zte:zxcloud_goldendb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5DC9861-1D01-4503-9554-968B45CCE5AF",
"versionEndExcluding": "6.1.03.11",
"versionStartIncluding": "6.1.03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zte:zxcloud_goldendb:7.2.01.01:-:*:*:-:*:*:*",
"matchCriteriaId": "DFE2AA93-8A9F-4B65-A6FB-B27F09310467",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a SQL injection vulnerability in the GoldenDB database product. Attackers can inject commands to extract database information."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n SQL en la base de datos GoldenDB. Los atacantes pueden inyectar comandos para extraer informaci\u00f3n de la base de datos."
}
],
"id": "CVE-2025-46577",
"lastModified": "2025-05-12T19:32:45.263",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "psirt@zte.com.cn",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-27T02:15:15.953",
"references": [
{
"source": "psirt@zte.com.cn",
"tags": [
"Vendor Advisory"
],
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1036467615091601469"
}
],
"sourceIdentifier": "psirt@zte.com.cn",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "psirt@zte.com.cn",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-46576
Vulnerability from fkie_nvd - Published: 2025-04-27 02:15 - Updated: 2025-05-12 19:32
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Summary
There is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zte | zxcloud_goldendb | 6.1.03.09 | |
| zte | zxcloud_goldendb | 6.1.03.10 | |
| zte | zxcloud_goldendb | 7.2.01.01 | |
| zte | zxcloud_goldendb | 7.2.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zte:zxcloud_goldendb:6.1.03.09:*:*:*:*:*:*:*",
"matchCriteriaId": "80F81605-4C9A-463E-97B2-D25BF4C1337B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zte:zxcloud_goldendb:6.1.03.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E9420A93-C4F9-4538-8F19-295EB94C6395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zte:zxcloud_goldendb:7.2.01.01:-:*:*:-:*:*:*",
"matchCriteriaId": "DFE2AA93-8A9F-4B65-A6FB-B27F09310467",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zte:zxcloud_goldendb:7.2.01.01:-:*:*:lite:*:*:*",
"matchCriteriaId": "F2B3E467-C5A8-4575-93E3-5FE7838BFF2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de gesti\u00f3n de permisos y control de acceso en la base de datos GoldenDB. Los atacantes pueden manipular las solicitudes para eludir las restricciones de privilegios y eliminar contenido."
}
],
"id": "CVE-2025-46576",
"lastModified": "2025-05-12T19:32:59.980",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "psirt@zte.com.cn",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-27T02:15:15.830",
"references": [
{
"source": "psirt@zte.com.cn",
"tags": [
"Vendor Advisory"
],
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1036467615091601464"
}
],
"sourceIdentifier": "psirt@zte.com.cn",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "psirt@zte.com.cn",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-46575
Vulnerability from fkie_nvd - Published: 2025-04-27 02:15 - Updated: 2025-05-12 19:33
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zte | zxcloud_goldendb | 6.1.03.09 | |
| zte | zxcloud_goldendb | 6.1.03.10 | |
| zte | zxcloud_goldendb | 7.2.01.01 | |
| zte | zxcloud_goldendb | 7.2.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zte:zxcloud_goldendb:6.1.03.09:*:*:*:*:*:*:*",
"matchCriteriaId": "80F81605-4C9A-463E-97B2-D25BF4C1337B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zte:zxcloud_goldendb:6.1.03.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E9420A93-C4F9-4538-8F19-295EB94C6395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zte:zxcloud_goldendb:7.2.01.01:-:*:*:-:*:*:*",
"matchCriteriaId": "DFE2AA93-8A9F-4B65-A6FB-B27F09310467",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zte:zxcloud_goldendb:7.2.01.01:-:*:*:lite:*:*:*",
"matchCriteriaId": "F2B3E467-C5A8-4575-93E3-5FE7838BFF2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system\u0027s sensitive information."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la base de datos GoldenDB. Los atacantes pueden explotar los mensajes de error para obtener informaci\u00f3n confidencial del sistema."
}
],
"id": "CVE-2025-46575",
"lastModified": "2025-05-12T19:33:14.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "psirt@zte.com.cn",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-27T02:15:15.690",
"references": [
{
"source": "psirt@zte.com.cn",
"tags": [
"Vendor Advisory"
],
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4693390139849392205"
}
],
"sourceIdentifier": "psirt@zte.com.cn",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "psirt@zte.com.cn",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-46574
Vulnerability from fkie_nvd - Published: 2025-04-27 02:15 - Updated: 2025-05-12 19:33
Severity ?
4.1 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zte | zxcloud_goldendb | * | |
| zte | zxcloud_goldendb | 7.2.01.01 | |
| zte | zxcloud_goldendb | 7.2.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zte:zxcloud_goldendb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5DC9861-1D01-4503-9554-968B45CCE5AF",
"versionEndExcluding": "6.1.03.11",
"versionStartIncluding": "6.1.03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zte:zxcloud_goldendb:7.2.01.01:-:*:*:-:*:*:*",
"matchCriteriaId": "DFE2AA93-8A9F-4B65-A6FB-B27F09310467",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zte:zxcloud_goldendb:7.2.01.01:-:*:*:lite:*:*:*",
"matchCriteriaId": "F2B3E467-C5A8-4575-93E3-5FE7838BFF2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system\u0027s sensitive information."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la base de datos GoldenDB. Los atacantes pueden explotar los mensajes de error para obtener informaci\u00f3n confidencial del sistema."
}
],
"id": "CVE-2025-46574",
"lastModified": "2025-05-12T19:33:19.740",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 3.4,
"source": "psirt@zte.com.cn",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-27T02:15:14.503",
"references": [
{
"source": "psirt@zte.com.cn",
"tags": [
"Vendor Advisory"
],
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4693390139849392200"
}
],
"sourceIdentifier": "psirt@zte.com.cn",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "psirt@zte.com.cn",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-46580 (GCVE-0-2025-46580)
Vulnerability from cvelistv5 – Published: 2025-04-27 01:49 – Updated: 2025-04-28 15:33
VLAI?
Title
ZTE GoldenDB Database product has a code-related vulnerability
Summary
There is a code-related vulnerability in the GoldenDB database product. Attackers can access system tables to disrupt the normal operation of business SQL.
Severity ?
7.7 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46580",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T13:40:59.542828Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T15:33:38.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "GoldenDB",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "6.1.03.10",
"status": "affected",
"version": "6.1.03",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a code-related vulnerability in the GoldenDB database product. Attackers can access system tables to disrupt the normal operation of business SQL.\u003c/span\u003e"
}
],
"value": "There is a code-related vulnerability in the GoldenDB database product. Attackers can access system tables to disrupt the normal operation of business SQL."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-27T01:49:16.856Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4828497866583347285"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "ZTE GoldenDB Database product has a code-related vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2025-46580",
"datePublished": "2025-04-27T01:49:16.856Z",
"dateReserved": "2025-04-25T00:28:13.909Z",
"dateUpdated": "2025-04-28T15:33:38.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46579 (GCVE-0-2025-46579)
Vulnerability from cvelistv5 – Published: 2025-04-27 01:34 – Updated: 2025-04-28 15:33
VLAI?
Title
ZTE GoldenDB Database product has a DDE injection vulnerability
Summary
There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed.
Severity ?
8.4 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T13:41:07.717055Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T15:33:46.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "GoldenDB",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "6.1.03.10",
"status": "affected",
"version": "6.1.03",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.2.01.01",
"versionType": "custom"
},
{
"status": "affected",
"version": "Lite7.2.01.01",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed.\u003c/span\u003e"
}
],
"value": "There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-27T01:34:35.034Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1036467615091601474"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "ZTE GoldenDB Database product has a DDE injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2025-46579",
"datePublished": "2025-04-27T01:34:35.034Z",
"dateReserved": "2025-04-25T00:28:13.908Z",
"dateUpdated": "2025-04-28T15:33:46.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46578 (GCVE-0-2025-46578)
Vulnerability from cvelistv5 – Published: 2025-04-27 01:30 – Updated: 2025-04-28 15:33
VLAI?
Title
ZTE GoldenDB Database product has SQL injection vulnerabilities in multiple interfaces
Summary
There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information.
Severity ?
6.5 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46578",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T13:41:16.101788Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T15:33:52.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "GoldenDB",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "6.1.03.10",
"status": "affected",
"version": "6.1.03",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.2.01.01",
"versionType": "custom"
},
{
"status": "affected",
"version": "Lite7.2.01.01",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information.\u003c/span\u003e"
}
],
"value": "There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information."
}
],
"impacts": [
{
"capecId": "CAPEC-7",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-7 Blind SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-27T01:30:44.990Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4693390139849392210"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1\u003cbr\u003e"
}
],
"value": "6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "ZTE GoldenDB Database product has SQL injection vulnerabilities in multiple interfaces",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2025-46578",
"datePublished": "2025-04-27T01:30:44.458Z",
"dateReserved": "2025-04-25T00:28:13.908Z",
"dateUpdated": "2025-04-28T15:33:52.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46577 (GCVE-0-2025-46577)
Vulnerability from cvelistv5 – Published: 2025-04-27 01:21 – Updated: 2025-04-28 15:33
VLAI?
Title
ZTE GoldenDB Database product has an SQL injection vulnerability
Summary
There is a SQL injection vulnerability in the GoldenDB database product. Attackers can inject commands to extract database information.
Severity ?
6.5 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46577",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T13:41:21.976107Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T15:33:58.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "GoldenDB",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "6.1.03.10",
"status": "affected",
"version": "6.1.03",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.2.01.01",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a SQL injection vulnerability in the GoldenDB database product. Attackers can inject commands to extract database information.\u003c/span\u003e"
}
],
"value": "There is a SQL injection vulnerability in the GoldenDB database product. Attackers can inject commands to extract database information."
}
],
"impacts": [
{
"capecId": "CAPEC-7",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-7 Blind SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-27T01:39:39.095Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1036467615091601469"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e6.1.03.11,7.2.01.01P1\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "6.1.03.11,7.2.01.01P1"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "ZTE GoldenDB Database product has an SQL injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2025-46577",
"datePublished": "2025-04-27T01:21:27.266Z",
"dateReserved": "2025-04-25T00:28:13.908Z",
"dateUpdated": "2025-04-28T15:33:58.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46576 (GCVE-0-2025-46576)
Vulnerability from cvelistv5 – Published: 2025-04-27 01:16 – Updated: 2025-04-28 15:34
VLAI?
Title
ZTE GoldenDB Database product has a privilege escalation vulnerability
Summary
There is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content.
Severity ?
5.4 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46576",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T13:41:28.282380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T15:34:04.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "GoldenDB",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "6.1.03.10",
"status": "affected",
"version": "6.1.03.09",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "7.2.01.01",
"versionType": "custom"
},
{
"status": "affected",
"version": "Lite7.2.01.01",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content.\u003c/span\u003e"
}
],
"value": "There is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-27T01:17:04.904Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1036467615091601464"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1\u003cbr\u003e"
}
],
"value": "6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "ZTE GoldenDB Database product has a privilege escalation vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2025-46576",
"datePublished": "2025-04-27T01:16:37.005Z",
"dateReserved": "2025-04-25T00:28:13.908Z",
"dateUpdated": "2025-04-28T15:34:04.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46575 (GCVE-0-2025-46575)
Vulnerability from cvelistv5 – Published: 2025-04-27 01:12 – Updated: 2025-04-28 15:34
VLAI?
Title
ZTE GoldenDB Database product has an information disclosure vulnerability
Summary
There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information.
Severity ?
4.9 (Medium)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46575",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T13:41:33.822407Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T15:34:10.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "GoldenDB",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "6.1.03.10",
"status": "affected",
"version": "6.1.03.09",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.2.01.01",
"versionType": "custom"
},
{
"status": "affected",
"version": "Lite7.2.01.01",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system\u0027s sensitive information.\u003c/span\u003e"
}
],
"value": "There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system\u0027s sensitive information."
}
],
"impacts": [
{
"capecId": "CAPEC-215",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-215 Fuzzing and observing application log data/errors for application mapping"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-27T01:12:36.738Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4693390139849392205"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "ZTE GoldenDB Database product has an information disclosure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2025-46575",
"datePublished": "2025-04-27T01:12:36.738Z",
"dateReserved": "2025-04-25T00:28:13.908Z",
"dateUpdated": "2025-04-28T15:34:10.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46574 (GCVE-0-2025-46574)
Vulnerability from cvelistv5 – Published: 2025-04-27 01:07 – Updated: 2025-04-28 15:34
VLAI?
Title
ZTE GoldenDB Database product has an input validation vulnerability
Summary
There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information.
Severity ?
4.1 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46574",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T13:41:53.779542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T15:34:18.287Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "GoldenDB",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "6.1.03.10",
"status": "affected",
"version": "6.1.03",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.2.01.01",
"versionType": "custom"
},
{
"status": "affected",
"version": "Lite7.2.01.01",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system\u0027s sensitive information.\u003c/span\u003e"
}
],
"value": "There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system\u0027s sensitive information."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-27T01:07:30.168Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4693390139849392200"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "ZTE GoldenDB Database product has an input validation vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2025-46574",
"datePublished": "2025-04-27T01:07:29.152Z",
"dateReserved": "2025-04-25T00:28:13.907Z",
"dateUpdated": "2025-04-28T15:34:18.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46580 (GCVE-0-2025-46580)
Vulnerability from nvd – Published: 2025-04-27 01:49 – Updated: 2025-04-28 15:33
VLAI?
Title
ZTE GoldenDB Database product has a code-related vulnerability
Summary
There is a code-related vulnerability in the GoldenDB database product. Attackers can access system tables to disrupt the normal operation of business SQL.
Severity ?
7.7 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46580",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T13:40:59.542828Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T15:33:38.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "GoldenDB",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "6.1.03.10",
"status": "affected",
"version": "6.1.03",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a code-related vulnerability in the GoldenDB database product. Attackers can access system tables to disrupt the normal operation of business SQL.\u003c/span\u003e"
}
],
"value": "There is a code-related vulnerability in the GoldenDB database product. Attackers can access system tables to disrupt the normal operation of business SQL."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-27T01:49:16.856Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4828497866583347285"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "ZTE GoldenDB Database product has a code-related vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2025-46580",
"datePublished": "2025-04-27T01:49:16.856Z",
"dateReserved": "2025-04-25T00:28:13.909Z",
"dateUpdated": "2025-04-28T15:33:38.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46579 (GCVE-0-2025-46579)
Vulnerability from nvd – Published: 2025-04-27 01:34 – Updated: 2025-04-28 15:33
VLAI?
Title
ZTE GoldenDB Database product has a DDE injection vulnerability
Summary
There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed.
Severity ?
8.4 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T13:41:07.717055Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T15:33:46.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "GoldenDB",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "6.1.03.10",
"status": "affected",
"version": "6.1.03",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.2.01.01",
"versionType": "custom"
},
{
"status": "affected",
"version": "Lite7.2.01.01",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed.\u003c/span\u003e"
}
],
"value": "There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-27T01:34:35.034Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1036467615091601474"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "ZTE GoldenDB Database product has a DDE injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2025-46579",
"datePublished": "2025-04-27T01:34:35.034Z",
"dateReserved": "2025-04-25T00:28:13.908Z",
"dateUpdated": "2025-04-28T15:33:46.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46578 (GCVE-0-2025-46578)
Vulnerability from nvd – Published: 2025-04-27 01:30 – Updated: 2025-04-28 15:33
VLAI?
Title
ZTE GoldenDB Database product has SQL injection vulnerabilities in multiple interfaces
Summary
There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information.
Severity ?
6.5 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46578",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T13:41:16.101788Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T15:33:52.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "GoldenDB",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "6.1.03.10",
"status": "affected",
"version": "6.1.03",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.2.01.01",
"versionType": "custom"
},
{
"status": "affected",
"version": "Lite7.2.01.01",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information.\u003c/span\u003e"
}
],
"value": "There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information."
}
],
"impacts": [
{
"capecId": "CAPEC-7",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-7 Blind SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-27T01:30:44.990Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4693390139849392210"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1\u003cbr\u003e"
}
],
"value": "6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "ZTE GoldenDB Database product has SQL injection vulnerabilities in multiple interfaces",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2025-46578",
"datePublished": "2025-04-27T01:30:44.458Z",
"dateReserved": "2025-04-25T00:28:13.908Z",
"dateUpdated": "2025-04-28T15:33:52.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46577 (GCVE-0-2025-46577)
Vulnerability from nvd – Published: 2025-04-27 01:21 – Updated: 2025-04-28 15:33
VLAI?
Title
ZTE GoldenDB Database product has an SQL injection vulnerability
Summary
There is a SQL injection vulnerability in the GoldenDB database product. Attackers can inject commands to extract database information.
Severity ?
6.5 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46577",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T13:41:21.976107Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T15:33:58.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "GoldenDB",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "6.1.03.10",
"status": "affected",
"version": "6.1.03",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.2.01.01",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a SQL injection vulnerability in the GoldenDB database product. Attackers can inject commands to extract database information.\u003c/span\u003e"
}
],
"value": "There is a SQL injection vulnerability in the GoldenDB database product. Attackers can inject commands to extract database information."
}
],
"impacts": [
{
"capecId": "CAPEC-7",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-7 Blind SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-27T01:39:39.095Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1036467615091601469"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e6.1.03.11,7.2.01.01P1\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "6.1.03.11,7.2.01.01P1"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "ZTE GoldenDB Database product has an SQL injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2025-46577",
"datePublished": "2025-04-27T01:21:27.266Z",
"dateReserved": "2025-04-25T00:28:13.908Z",
"dateUpdated": "2025-04-28T15:33:58.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46576 (GCVE-0-2025-46576)
Vulnerability from nvd – Published: 2025-04-27 01:16 – Updated: 2025-04-28 15:34
VLAI?
Title
ZTE GoldenDB Database product has a privilege escalation vulnerability
Summary
There is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content.
Severity ?
5.4 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46576",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T13:41:28.282380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T15:34:04.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "GoldenDB",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "6.1.03.10",
"status": "affected",
"version": "6.1.03.09",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "7.2.01.01",
"versionType": "custom"
},
{
"status": "affected",
"version": "Lite7.2.01.01",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content.\u003c/span\u003e"
}
],
"value": "There is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-27T01:17:04.904Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1036467615091601464"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1\u003cbr\u003e"
}
],
"value": "6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "ZTE GoldenDB Database product has a privilege escalation vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2025-46576",
"datePublished": "2025-04-27T01:16:37.005Z",
"dateReserved": "2025-04-25T00:28:13.908Z",
"dateUpdated": "2025-04-28T15:34:04.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46575 (GCVE-0-2025-46575)
Vulnerability from nvd – Published: 2025-04-27 01:12 – Updated: 2025-04-28 15:34
VLAI?
Title
ZTE GoldenDB Database product has an information disclosure vulnerability
Summary
There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information.
Severity ?
4.9 (Medium)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46575",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T13:41:33.822407Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T15:34:10.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "GoldenDB",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "6.1.03.10",
"status": "affected",
"version": "6.1.03.09",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.2.01.01",
"versionType": "custom"
},
{
"status": "affected",
"version": "Lite7.2.01.01",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system\u0027s sensitive information.\u003c/span\u003e"
}
],
"value": "There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system\u0027s sensitive information."
}
],
"impacts": [
{
"capecId": "CAPEC-215",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-215 Fuzzing and observing application log data/errors for application mapping"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-27T01:12:36.738Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4693390139849392205"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "ZTE GoldenDB Database product has an information disclosure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2025-46575",
"datePublished": "2025-04-27T01:12:36.738Z",
"dateReserved": "2025-04-25T00:28:13.908Z",
"dateUpdated": "2025-04-28T15:34:10.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46574 (GCVE-0-2025-46574)
Vulnerability from nvd – Published: 2025-04-27 01:07 – Updated: 2025-04-28 15:34
VLAI?
Title
ZTE GoldenDB Database product has an input validation vulnerability
Summary
There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information.
Severity ?
4.1 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46574",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T13:41:53.779542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T15:34:18.287Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "GoldenDB",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "6.1.03.10",
"status": "affected",
"version": "6.1.03",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.2.01.01",
"versionType": "custom"
},
{
"status": "affected",
"version": "Lite7.2.01.01",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system\u0027s sensitive information.\u003c/span\u003e"
}
],
"value": "There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system\u0027s sensitive information."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-27T01:07:30.168Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4693390139849392200"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "ZTE GoldenDB Database product has an input validation vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2025-46574",
"datePublished": "2025-04-27T01:07:29.152Z",
"dateReserved": "2025-04-25T00:28:13.907Z",
"dateUpdated": "2025-04-28T15:34:18.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}