CVE-2025-46579

HIGH
2025-04-27 [email protected]
8.4
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:38 vuln.today
CVE Published
Apr 27, 2025 - 02:15 nvd
HIGH 8.4

Tags

RCE Code Injection Zxcloud Goldendb

Description

There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed.

Analysis

There is a DDE injection vulnerability in the GoldenDB database product. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical Context

This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed. Affected products include: Zte Zxcloud Goldendb.

Affected Products

Zte Zxcloud Goldendb.

Remediation

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.

Priority Score

42
Low Medium High Critical
KEV: 0
EPSS: +0.2
CVSS: +42
POC: 0

Share

CVE-2025-46579 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy