CVE-2025-46579

Published Apr 27, 2025

Last updated a month ago

CVSS high 8.4

Overview

Description
There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed.
Source
psirt@zte.com.cn
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

psirt@zte.com.cn
CWE-94
nvd@nist.gov
CWE-94

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-46579 🔴 HIGH (8.4) 🏢 ZTE - GoldenDB 🏗️ 6.1.03 🔗 https://t.co/EBk6sEF1y1 #CyberCron #VulnAlert #InfoSec https://t.co/VX5dUzlJnj

    @cybercronai

    28 Apr 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-46579 DDE Injection Vulnerability in GoldenDB Allowing Remote Command E... https://t.co/wPDVyzXuAp Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x

    @VulmonFeeds

    27 Apr 2025

    63 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-46579 There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open … https://t.co/Wy1H00zjus

    @CVEnew

    27 Apr 2025

    499 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. [CVE-2025-46579: HIGH] Beware of GoldenDB database product's DDE injection vulnerability that allows attackers to execute commands when users open affected files. Stay secure!#cve,CVE-2025-46579,#cybersecurity https://t.co/HsXQQFO5nM https://t.co/KzFYzyNTBh

    @CveFindCom

    27 Apr 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.