CVE-2025-46579

Summary

There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed.

Affected Software

VendorProductVersion RangeStatus
ZTEGoldenDB6.1.03 <= 6.1.03.10affected
ZTEGoldenDB7.2.01.01affected
ZTEGoldenDBLite7.2.01.01affected

Weaknesses

  • CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References