CVE-2025-26704 MEDIUM

CVE-2025-26704

Vendor Zte
Product GoldenDB
Weakness CWE-269
Published March 11, 2025
Last update March 11, 2025
View on NVD All CVEs

CVSS base score

6.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

What the vulnerability does

01Description

Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.05.

Key dates

02Disclosure timeline

March 11, 2025 CVE published
March 11, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2022-23921 ICSA-22-053-01 GE Proficy CIMPLICITY-IPM CVE-2023-4404 Donation Forms by Charitable <= 1.7.0.12 - Unauthenticated Privilege Escalation CVE-2021-31847 Improper privilege management in repair process of MA for Windows CVE-2026-0920 LA-Studio Element Kit for Elementor <= 1.5.6.3 - Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter CVE-2026-50570 Fission: Incomplete capability denylist in Environment/Function PodSpec validation allows tenant-added CAP_SYS_TIME and cross-tenant node wall-clock corruption