CVE-2025-46579

high

Description

There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed.

References

https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1036467615091601474

Details

Source: Mitre, NVD

Published: 2025-04-27

Updated: 2025-04-29

Risk Information

CVSS v2

Base Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H