CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-46580 – ZTE GoldenDB Database product has a code-related vulnerability
https://notcve.org/view.php?id=CVE-2025-46580
27 Apr 2025 — There is a code-related vulnerability in the GoldenDB database product. Attackers can access system tables to disrupt the normal operation of business SQL. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4828497866583347285 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-46579 – ZTE GoldenDB Database product has a DDE injection vulnerability
https://notcve.org/view.php?id=CVE-2025-46579
27 Apr 2025 — There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1036467615091601474 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-46578 – ZTE GoldenDB Database product has SQL injection vulnerabilities in multiple interfaces
https://notcve.org/view.php?id=CVE-2025-46578
27 Apr 2025 — There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4693390139849392210 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-46577 – ZTE GoldenDB Database product has an SQL injection vulnerability
https://notcve.org/view.php?id=CVE-2025-46577
27 Apr 2025 — There is a SQL injection vulnerability in the GoldenDB database product. Attackers can inject commands to extract database information. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1036467615091601469 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-46576 – ZTE GoldenDB Database product has a privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2025-46576
27 Apr 2025 — There is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1036467615091601464 • CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-46575 – ZTE GoldenDB Database product has an information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2025-46575
27 Apr 2025 — There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4693390139849392205 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-46574 – ZTE GoldenDB Database product has an input validation vulnerability
https://notcve.org/view.php?id=CVE-2025-46574
27 Apr 2025 — There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4693390139849392200 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26702
https://notcve.org/view.php?id=CVE-2025-26702
11 Mar 2025 — Improper Input Validation vulnerability in ZTE GoldenDB allows Input Data Manipulation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.04. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1820079027271819342 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26703
https://notcve.org/view.php?id=CVE-2025-26703
11 Mar 2025 — Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.04. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/5666152569221570627 • CWE-269: Improper Privilege Management •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26704
https://notcve.org/view.php?id=CVE-2025-26704
11 Mar 2025 — Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.05. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/6999218053484646494 • CWE-269: Improper Privilege Management •