DDE Injection Vulnerability in GoldenDB Database by ZTE
CVE-2025-46579

7.8 HIGH

Key Information:

Vendor: ZTE

Status
Vendor
CVE Published: 27 April 2025

What is CVE-2025-46579?

The GoldenDB database product by ZTE is susceptible to a DDE injection vulnerability that enables attackers to embed DDE expressions through its interface. When users inadvertently download and open infected files, the DDE commands are executed, posing a significant security risk. This vulnerability allows for unauthorized manipulation of user data and could lead to further system compromise if not addressed promptly.

Affected Version(s)

GoldenDB Linux 6.1.03 <= 6.1.03.10

GoldenDB Linux 7.2.01.01

GoldenDB Linux Lite7.2.01.01

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
