CVE-2025-46578

MEDIUM

ZTE ZXCloud GoldenDB 6.1.03-6.1.03.10 - SQL Injection

Title source: llm

Description

There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information.

References (1)

Core 1

Core References

Vendor Advisory

https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4693390139849392210

Scores

CVSS v3 6.5

EPSS 0.0022

EPSS Percentile 44.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (2)

zte/zxcloud_goldendb 7.2.01.01

zte/zxcloud_goldendb 6.1.03 - 6.1.03.11

Published Apr 27, 2025

Tracked Since Feb 18, 2026