CVE-2025-10452
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-09-15
Assigner: TWCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gotac | statistical_database_system | 1.0.1 |
| jinzhun_information | statistical_database_system | 1.0.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-10452 is a Missing Authentication vulnerability in the Statistical Database System developed by Gotac, affecting versions below 1.0.1. This flaw allows unauthenticated remote attackers to access the database without verifying their identity, enabling them to read, modify, and delete database contents with high-level privileges. [1, 2]
How can this vulnerability impact me? :
This vulnerability can have a critical impact by allowing attackers to remotely access the database without any authentication. They can read sensitive data, modify records, or delete database contents, which compromises confidentiality, integrity, and availability of the system. This can lead to data breaches, loss of data, and disruption of services. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the Statistical Database System developed by Gotac to version 1.0.1 or later, as versions prior to 1.0.1 are affected by this critical Missing Authentication vulnerability. [1, 2]