CVE-2025-2572
📋 TL;DR
An unauthenticated database manipulation vulnerability in WhatsUp Gold allows attackers to modify the WrlsMacAddressGroup table without credentials. This affects all WhatsUp Gold installations running versions before 2024.0.3, potentially impacting network monitoring integrity.
💻 Affected Systems
- WhatsUp Gold
📦 What is this software?
WhatsUp Gold by Progress
⚠️ Risk & Real-World Impact
Worst Case
Attackers could manipulate wireless device grouping data, causing network monitoring failures, false alerts, or disruption of wireless network management capabilities.
Likely Case
Unauthorized modification of wireless MAC address groupings leading to inaccurate network monitoring reports and potential operational confusion.
If Mitigated
With proper network segmentation and access controls, impact is limited to potential data integrity issues within the wireless monitoring module.
🎯 Exploit Status
CWE-287 indicates improper authentication, making exploitation straightforward for attackers with network access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2024.0.3 or later
Vendor Advisory: https://docs.progress.com/bundle/whatsupgold-release-notes-24-0/page/WhatsUp-Gold-2024.0-Release-Notes.html
Restart Required: Yes
Instructions:
1. Download WhatsUp Gold 2024.0.3 or later from the Progress website.
2. Back up the current installation and database.
3. Run the installer with administrative privileges.
4. Restart WhatsUp Gold services after installation completes.
🔧 Temporary Workarounds
Network Segmentation
Restrict network access to the WhatsUp Gold interface to authorized management networks only
Web Application Firewall Rules
Implement WAF rules to block unauthorized database manipulation attempts
🧯 If You Can't Patch
- Implement strict network access controls to limit WhatsUp Gold interface access to trusted IP addresses only
- Monitor database modification logs for unauthorized changes to WrlsMacAddressGroup table
🔍 How to Verify
Check if Vulnerable:
Check WhatsUp Gold version via web interface Admin > About or via installed program version
Check Version:
Not applicable via command line; check via web interface or Windows Programs and Features
Verify Fix Applied:
Verify version is 2024.0.3 or higher and test that unauthenticated requests to modify WrlsMacAddressGroup are properly rejected
📡 Detection & Monitoring
Log Indicators:
- Unauthorized database modification attempts
- Failed authentication attempts followed by database operations
- Unexpected modifications to WrlsMacAddressGroup table
Network Indicators:
- Unusual database query patterns from unauthenticated sources
- HTTP requests to WhatsUp Gold database endpoints without authentication headers
SIEM Query:
source="whatsup_gold" AND ((event_type="database_modification" AND user="anonymous") OR (http_status=200 AND uri CONTAINS "WrlsMacAddressGroup" AND auth_token=null))
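
The query and the "failed authentication followed by database operations" indicator, written as detection logic over normalized events. This is an added example, not vendor code or part of the original advisory. The field names come from the query above; `ts`, `src_ip`, the `auth_failure` event type, the `/example/` paths and the five-minute window are assumptions, and all sample events are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed correlation window
TABLE = "WrlsMacAddressGroup"

def ev(ts, source, src_ip, event_type, user, uri, status, token):
    return dict(ts=datetime.fromisoformat(ts), source=source, src_ip=src_ip,
                event_type=event_type, user=user, uri=uri,
                http_status=status, auth_token=token)

# Constructed sample events (not real WhatsUp Gold output). "ts", "src_ip",
# "auth_failure" and the /example/ paths are assumptions for illustration.
EVENTS = [
    ev("2025-01-10T09:00:00", "whatsup_gold", "10.0.5.20", "database_modification", "admin", "/example/a", 200, "t1"),
    ev("2025-01-10T09:01:00", "whatsup_gold", "203.0.113.7", "auth_failure", "anonymous", "/example/login", 401, None),
    ev("2025-01-10T09:02:00", "whatsup_gold", "203.0.113.7", "database_modification", "anonymous", "/example/b", 200, None),
    ev("2025-01-10T09:03:00", "whatsup_gold", "198.51.100.9", "http_request", "anonymous", "/example/WrlsMacAddressGroup", 200, None),
    ev("2025-01-10T09:04:00", "other_app", "10.0.9.9", "http_request", "anonymous", "/docs/WrlsMacAddressGroup", 200, None),
    ev("2025-01-10T09:05:00", "whatsup_gold", "10.0.5.21", "http_request", "ops", "/example/WrlsMacAddressGroup", 200, "t2"),
]

def matches_query(e):
    """The SIEM query, grouped so both OR branches require the source."""
    if e["source"] != "whatsup_gold":
        return False
    anon_write = e["event_type"] == "database_modification" and e["user"] == "anonymous"
    unauth_ok = e["http_status"] == 200 and TABLE in e["uri"] and e["auth_token"] is None
    return anon_write or unauth_ok

def failure_then_write(events):
    """Failed authentication followed by a database operation from the
    same address within WINDOW (second log indicator above)."""
    last_fail, hits = {}, []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["source"] != "whatsup_gold":
            continue
        if e["event_type"] == "auth_failure":
            last_fail[e["src_ip"]] = e["ts"]
        elif e["event_type"] == "database_modification":
            seen = last_fail.get(e["src_ip"])
            if seen is not None and e["ts"] - seen <= WINDOW:
                hits.append(e)
    return hits

if __name__ == "__main__":
    for e in filter(matches_query, EVENTS):
        print("query match:", e["ts"].isoformat(), e["src_ip"], e["uri"])
    for e in failure_then_write(EVENTS):
        print("failed auth then write:", e["ts"].isoformat(), e["src_ip"])
```

The `other_app` event contains the table name and no token but is not flagged, because the source filter applies to both branches of the OR.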