CVE-2025-46574

4.1 MEDIUM

📋 TL;DR

An information disclosure vulnerability in ZTE GoldenDB allows an attacker to extract internal system information from overly detailed error messages returned by the database. Any deployment running an affected GoldenDB version is exposed; the vendor advisory linked below is the authority on which versions those are. Leaked details can include configuration values, database structure, or other internal information that makes follow-on attacks easier.

💻 Affected Systems

Products:
  • GoldenDB
Versions: Specific versions not detailed in reference; check vendor advisory
Operating Systems: Not specified, likely multiple
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in error message handling mechanism

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers recover database credentials, configuration secrets, or internal network information from error output and use them for further compromise.

🟠 Likely Case

Attackers harvest system information, database schemas, or configuration details from error responses and use them to plan targeted follow-on attacks.

🟢 If Mitigated

Only generic, non-sensitive error text reaches clients; detailed diagnostics stay in server-side logs and access to the database is limited to trusted clients.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation consists of deliberately triggering error conditions (for example malformed queries or invalid parameters) and reading internal details out of the error responses; no special tooling or memory corruption is involved, which is why complexity is rated low.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific fixed versions

Vendor Advisory: https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4693390139849392200

Restart Required: Yes

Instructions:

1. Review the vendor advisory and identify the fixed version for your deployment.
2. Apply the recommended patches.
3. Restart GoldenDB services.
4. Verify that error messages no longer leak sensitive information (see How to Verify below).

🔧 Temporary Workarounds

Configure Error Message Sanitization

Applies to: all

Configure GoldenDB to return generic error messages to clients, without internal details such as hostnames, addresses, file paths, schema or table names, or version strings; keep the verbose diagnostics in server-side logs where operators can still use them.

Check the GoldenDB documentation for the relevant error-message configuration options.

Network Segmentation

Applies to: all

Restrict access to GoldenDB instances to trusted networks and the application hosts that need them; an attacker who cannot reach the database cannot trigger its error paths.

Configure firewall rules to limit access to GoldenDB ports accordingly.
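The sanitization workaround above is a database-side setting, but the same principle applies to every layer that relays database errors to a client. The following is an added example written for this page, not GoldenDB's own code or configuration: it contrasts an application error path that echoes the raw database exception to the caller (the pattern behind error-message information disclosure) with one that logs the detail server-side and returns only an allowlisted generic message plus an opaque reference id. The exception classes, the connection stand-in and the error texts are constructed for the demo and are not GoldenDB's.

```python
"""Added example: application-side sanitization of database error messages.

Illustrative code written for this page, not GoldenDB's own code or
configuration. The exception classes, connection stand-in and error texts
are constructed for the demo.
"""
import logging
import uuid

log = logging.getLogger("db-errors")


class DatabaseError(Exception):
    """Base class standing in for a driver's exception hierarchy."""


class ConnectionFailure(DatabaseError):
    pass


class QueryError(DatabaseError):
    pass


# Allowlist of client-safe wording per error class. Anything not listed
# falls back to the most generic message; raw exception text never reaches
# the client in the hardened path.
SAFE_MESSAGES = {
    ConnectionFailure: "service temporarily unavailable",
    QueryError: "request could not be processed",
}


class FakeConn:
    """Stand-in connection: raises verbose errors the way a real driver might."""

    def execute(self, query):
        if "bad_host" in query:
            raise ConnectionFailure(
                "Can't connect to node 10.0.3.17:3306 (config=/opt/db/conf/node1.cnf)")
        if "bad_sql" in query:
            raise QueryError("syntax error near 'bad_sql' in schema billing, table invoices")
        return {"ok": True, "rows": []}


def run_query_unsafe(conn, query):
    """Vulnerable shape: the exception text goes straight back to the caller."""
    try:
        return conn.execute(query)
    except DatabaseError as exc:
        return {"ok": False, "error": str(exc)}


def run_query_safe(conn, query):
    """Hardened shape: detail is logged server-side; the client gets generic text and a ref id."""
    try:
        return conn.execute(query)
    except DatabaseError as exc:
        ref = uuid.uuid4().hex[:12]
        # Full detail (query and exception text) is kept for operators only,
        # keyed by the reference id the client can quote when reporting a problem.
        log.error("db error ref=%s query=%r detail=%s", ref, query, exc)
        message = SAFE_MESSAGES.get(type(exc), "internal error")
        return {"ok": False, "error": message, "ref": ref}


if __name__ == "__main__":
    conn = FakeConn()
    print("unsafe:", run_query_unsafe(conn, "select * from bad_host"))
    print("safe:  ", run_query_safe(conn, "select * from bad_host"))
```

The reference id is what lets operators correlate a client complaint with the full server-side log entry, so nothing diagnostic is lost by withholding the raw text from the client.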

🧯 If You Can't Patch

  • If GoldenDB is reached through a web or API front end, place a reverse proxy or WAF in front of it that suppresses or rewrites verbose error bodies before they reach clients; this does not help for direct database-protocol access.
  • Monitor logs for bursts of error-triggering requests from a single source and alert on them.

🔍 How to Verify

Check if Vulnerable:

Against a test instance, deliberately trigger database errors (malformed queries, invalid parameters, bad connection settings) from a client and inspect the responses for internal details such as hostnames, IP addresses, file paths, schema or table names, version strings, or stack traces. Any such detail in a client-facing error indicates the instance is affected.

Check Version:

Check the GoldenDB documentation for the version query command, and compare the reported version with the fixed versions listed in the vendor advisory.

Verify Fix Applied:

After patching, repeat the same error-triggering tests and confirm that responses contain only generic error text with no internal details.

📡 Detection & Monitoring

Log Indicators:

  • Unusual error message requests
  • Multiple failed query attempts
  • Requests designed to trigger errors

Network Indicators:

  • Unusual patterns of database error responses
  • Repeated connection attempts to GoldenDB

SIEM Query:

source="goldendb" (message="*error*" OR message="*exception*") | stats count by src_ip | where count > 20

This is Splunk-style SPL; the field names message and src_ip depend on how your GoldenDB logs are parsed, and the threshold should be tuned to the normal error rate of your applications so that a single source producing many errors in a short period stands out.
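The verification step above (look for internal detail in error responses) and the detection indicators (error bursts from one source) can both be checked offline against exported logs. The following is an added example written for this page, not a GoldenDB tool: the log format, field names, messages and addresses are constructed for the demo, and the disclosure patterns are generic heuristics, not GoldenDB's actual error text.

```python
"""Added example: offline check for error-message information disclosure.

Illustrative code written for this page; not a GoldenDB tool. The log
format, field names, messages and addresses are constructed for the demo.
Two checks run over each error response recorded in the log:
  1. does the message carry internal detail (addresses, file paths, version
     strings, schema names) that a generic error would not, and
  2. is one client triggering a burst of errors, the signature of someone
     probing error paths rather than an ordinary application fault.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Patterns that a client-facing error message should never contain.
DISCLOSURE_PATTERNS = {
    "address": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}(?::\d{1,5})?\b"),
    "path": re.compile(r"(?<![\w.])/(?:[\w.-]+/)+[\w.-]+"),
    "version": re.compile(r"\b(?:version|ver)\s*[=:]?\s*\d+\.\d+(?:\.\d+)*", re.I),
    "schema": re.compile(r"\b(?:schema|database|table)\s*[=:]\s*[\w.]+", re.I),
}

# Constructed log line shape: <timestamp> src_ip=<ip> status=<ok|error> msg="<text>"
LINE_RE = re.compile(
    r'^(?P<ts>\S+)\s+src_ip=(?P<src_ip>\S+)\s+status=(?P<status>\w+)\s+msg="(?P<msg>.*)"$'
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return rec


def disclosure_kinds(msg):
    """Return the categories of internal detail found in an error message."""
    return [kind for kind, rx in DISCLOSURE_PATTERNS.items() if rx.search(msg)]


def error_bursts(records, threshold=5, window_seconds=60):
    """Source IPs that produced at least `threshold` errors within one window."""
    per_ip = defaultdict(list)
    for r in records:
        if r["status"] == "error":
            per_ip[r["src_ip"]].append(r["ts"])
    flagged = set()
    for ip, stamps in per_ip.items():
        stamps.sort()
        for i in range(len(stamps) - threshold + 1):
            if (stamps[i + threshold - 1] - stamps[i]).total_seconds() <= window_seconds:
                flagged.add(ip)
                break
    return flagged


def assess(lines):
    """Run both checks and report which sources received leaky errors or caused bursts."""
    records = [r for r in map(parse_line, lines) if r]
    leaks = {}
    for r in records:
        if r["status"] != "error":
            continue
        kinds = disclosure_kinds(r["msg"])
        if kinds:
            leaks.setdefault(r["src_ip"], set()).update(kinds)
    return {"leaking_responses": leaks, "bursting_sources": error_bursts(records)}


# Constructed sample log: one client hammering error paths and getting verbose
# responses, one client with ordinary scattered failures, one success.
SAMPLE_LOG = [
    '2025-05-02T10:15:01Z src_ip=203.0.113.5 status=error msg="syntax error near SELEC"',
    '2025-05-02T10:15:03Z src_ip=203.0.113.5 status=error msg="cannot reach node 10.0.3.17:3306"',
    '2025-05-02T10:15:05Z src_ip=203.0.113.5 status=error msg="config /opt/db/conf/node1.cnf not readable"',
    '2025-05-02T10:15:07Z src_ip=203.0.113.5 status=error msg="server version=2.1.0 does not support this syntax"',
    '2025-05-02T10:15:09Z src_ip=203.0.113.5 status=error msg="unknown column in table=billing.invoices"',
    '2025-05-02T10:15:12Z src_ip=203.0.113.5 status=ok msg="rows=3"',
    '2025-05-02T10:15:40Z src_ip=198.51.100.7 status=error msg="syntax error near FROM"',
    '2025-05-02T10:18:20Z src_ip=198.51.100.7 status=error msg="deadlock detected, retry"',
]

if __name__ == "__main__":
    print(assess(SAMPLE_LOG))
```

A source that shows up in both outputs (many errors in a short window, and responses that carried internal detail) is the case to escalate; a source that only bursts may be a misbehaving application, and a leaky response to a single ordinary error is a configuration problem rather than an attack.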
