← back
CVE-2025-46578

ZTE GoldenDB Database product has SQL injection vulnerabilities in multiple interfaces

CVSS 6.5 MEDIUMEPSS 0.3%CWE-89
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.3%KEV nãoPoC Patch
Lifecycle
27 Apr 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
ZTE · GoldenDB

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4693390139849392210