CVE-2025-46579 | THREATINT

Description

There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed.

PUBLISHED Reserved 2025-04-25 | Published 2025-04-27 | Updated 2025-04-28 | Assigner zte

HIGH: 8.4CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Problem types

CWE-94 Improper Control of Generation of Code ('Code Injection')

Product status

Default status

unaffected

6.1.03 (custom)

affected

7.2.01.01 (custom)

affected

Lite7.2.01.01 (custom)

affected

References

support.zte.com.cn/...ui/bulletin/detail/1036467615091601474

cve.org (CVE-2025-46579)

nvd.nist.gov (CVE-2025-46579)

Download JSON