CVE-2025-46579 HIGH

CVE-2025-46579: ZTE GoldenDB Database product has a DDE injection vulnerability

Vendor ZTE
Product GoldenDB
Weakness CWE-94 · Code injection
Published April 27, 2025
Last update April 28, 2025

CVSS base score

8.4/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed.

Key dates

02 Disclosure timeline

April 27, 2025 CVE published
April 28, 2025 Record updated