CVE-2025-46579

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1036467615091601474", "name": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1036467615091601474", "tags": ["Vendor Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-94"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-46579", "ASSIGNER": "psirt@zte.com.cn"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}}, "publishedDate": "2025-04-27T02:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:zte:zxcloud_goldendb:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.1.03.11", "versionStartIncluding": "6.1.03"}, {"cpe23Uri": "cpe:2.3:a:zte:zxcloud_goldendb:7.2.01.01:-:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zte:zxcloud_goldendb:7.2.01.01:-:*:*:lite:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-05-12T19:32Z"}