| TVN ID | TVN-202512007 |
|---|---|
| CVE ID | CVE-2025-15015, CVE-2025-15015 |
| CVSS | CVE-2025-15015: 7.5 (High) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2025-15016: 9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Affected Products | Enterprise Cloud Database |
| Description | CVE-2025-15015: Enterprise Cloud Database has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files. CVE-2025-15016: Enterprise Cloud Database has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information and log into the system as any user.arbitrary SQL commands to read database contents. |
| Solution | Contact the vendor to Install the patch. |
| Credit | Sideman (DEVCORE) |
| Public Date | 2025-12-22 |
:::