CVE-2025-2572 | THREATINT

Description

In WhatsUp Gold versions released before 2024.0.3, a database manipulation vulnerability allows an unauthenticated attacker to modify the contents of WhatsUp.dbo.WrlsMacAddressGroup.

PUBLISHED Reserved 2025-03-20 | Published 2025-04-14 | Updated 2025-04-14 | Assigner ProgressSoftware

MEDIUM: 5.6CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Problem types

CWE-287 Improper Authentication

Product status

Default status

affected

2024.0.1 (semver)

affected

Credits

Jimi from Tenable finder

References

www.progress.com/network-monitoring

docs.progress.com/.../WhatsUp-Gold-2024.0-Release-Notes.html

cve.org (CVE-2025-2572)

nvd.nist.gov (CVE-2025-2572)

Download JSON