{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-46579","assignerOrgId":"6786b568-6808-4982-b61f-398b0d9679eb","state":"PUBLISHED","assignerShortName":"zte","dateReserved":"2025-04-25T00:28:13.908Z","datePublished":"2025-04-27T01:34:35.034Z","dateUpdated":"2025-04-28T15:33:46.289Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Linux"],"product":"GoldenDB","vendor":"ZTE","versions":[{"lessThanOrEqual":"6.1.03.10","status":"affected","version":"6.1.03","versionType":"custom"},{"status":"affected","version":"7.2.01.01","versionType":"custom"},{"status":"affected","version":"Lite7.2.01.01","versionType":"custom"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed.</span>"}],"value":"There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed."}],"impacts":[{"capecId":"CAPEC-242","descriptions":[{"lang":"en","value":"CAPEC-242 Code Injection"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.4,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-94","description":"CWE-94 Improper Control of Generation of Code ('Code Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"6786b568-6808-4982-b61f-398b0d9679eb","shortName":"zte","dateUpdated":"2025-04-27T01:34:35.034Z"},"references":[{"url":"https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1036467615091601474"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1</span>\n\n<br>"}],"value":"6.1.03.11,7.2.01.01P1,Lite7.2.01.01P1"}],"source":{"discovery":"INTERNAL"},"title":"ZTE GoldenDB Database product has a DDE injection vulnerability","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-04-28T13:41:07.717055Z","id":"CVE-2025-46579","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-28T15:33:46.289Z"}}]}}