Database Manipulation Vulnerability in WhatsUp Gold by Progress
CVE-2025-2572

5.6 MEDIUM

Key Information:

Vendor
CVE Published: 14 April 2025

What is CVE-2025-2572?

CVE-2025-2572 is a database manipulation vulnerability identified in WhatsUp Gold, a network monitoring product by Progress Software. This vulnerability affects versions of WhatsUp Gold released prior to 2024.0.3 and enables unauthorized attackers to alter database contents without requiring authentication. The ability to modify critical data within the software could have serious repercussions for organizations relying on WhatsUp Gold for network performance monitoring and management.

Technical Details

The vulnerability specifically targets the WhatsUp.dbo.WrlsMacAddressGroup table within the WhatsUp Gold database. Attackers can exploit this flaw to manipulate the entries in this table, potentially leading to unauthorized access to and modification of network management settings. Because unauthorized manipulation of network monitoring data can allow attackers to change network behavior, the flaw poses a significant risk to the integrity and reliability of network operations.

Potential Impact of CVE-2025-2572

  1. Data Integrity Compromise: The ability for an unauthenticated user to modify critical database entries can lead to issues with data accuracy and integrity. This can severely affect the reliability of network performance metrics and monitoring.

  2. Unauthorized Access and Control: If exploited, this vulnerability can allow attackers to gain unauthorized control over network monitoring configurations, effectively allowing them to manipulate network behavior and potentially disable monitoring controls.

  3. Increased Vulnerability to Further Attacks: By compromising the network monitoring tool with this vulnerability, attackers could set the stage for further exploitation. This could lead to a broader system compromise or facilitate additional malicious actions within the organization’s network.

Affected Version(s)

WhatsUp Gold Windows 2024.0.1 <= 2024.0.2

CVSS V3.1

Score: 5.6
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jimi from Tenable