CVE-2025-46578

Summary

There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information.

Affected Software

VendorProductVersion RangeStatus
ZTEGoldenDB6.1.03 <= 6.1.03.10affected
ZTEGoldenDB7.2.01.01affected
ZTEGoldenDBLite7.2.01.01affected

Weaknesses

  • CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References