Database Manipulation Vulnerability in WhatsUp Gold by Progress
CVE-2025-2572

5.6MEDIUM

Key Information:

Vendor: Progress Software
Status: Whatsup Gold
Vendor: CVE Published:; 14 April 2025

Summary

A database manipulation vulnerability in WhatsUp Gold prior to version 2024.0.3 enables attackers without authentication to alter the data within the WhatsUp.dbo.WrlsMacAddressGroup. This could lead to unauthorized changes in network monitoring configurations, compromising the integrity of the application and potentially affecting network management operations.

Affected Version(s)

WhatsUp Gold Windows 2024.0.1 <= 2024.0.2

References

https://www.progress.com/network-monitoring

https://docs.progress.com/bundle/whatsupgold-release-note...

CVSS V3.1

Score:

5.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 14, 2025
Vulnerability Reserved
Mar 20, 2025

Credit

Jimi from Tenable