CVE-2025-15016
Hard-coded Key in Ragic Cloud DB Enables Unauthorized Access
Publication date: 2025-12-22
Last updated on: 2026-03-05
Assigner: TWCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ragic | enterprise_cloud_database | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-321 | The product uses a hard-coded, unchangeable cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not contain information regarding the impact of CVE-2025-15016 on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2025-15016 is a critical vulnerability in the Enterprise Cloud Database developed by Ragic. It involves a hard-coded cryptographic key that allows unauthenticated remote attackers to exploit the fixed key to generate authentication information. This enables them to log into the system as any user without needing any privileges or user interaction. [1, 2]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized access to the system as any user, potentially allowing attackers to execute arbitrary SQL commands, read sensitive database contents, and compromise confidentiality, integrity, and availability of the system. [2]
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate step to mitigate this vulnerability is to contact the vendor and apply the provided patches for the Enterprise Cloud Database product. [1, 2]