6.5
CVE-2025-46576
- EPSS 0.24%
- Veröffentlicht 27.04.2025 01:16:37
- Zuletzt bearbeitet 12.05.2025 19:32:59
- Quelle psirt@zte.com.cn
- CVE-Watchlists
- Unerledigt
ZTE GoldenDB Database product has a privilege escalation vulnerability
There is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zte ≫ Zxcloud Goldendb Version6.1.03.09
Zte ≫ Zxcloud Goldendb Version6.1.03.10
Zte ≫ Zxcloud Goldendb Version7.2.01.01 Update- SwEdition-
Zte ≫ Zxcloud Goldendb Version7.2.01.01 Update- SwEditionlite
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.473 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
|
| psirt@zte.com.cn | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.