PT-2025-19942 · Unknown · Golden Link Secondary System
Mhkd · Published 2025-05-06 · Updated 2025-11-06 · CVE-2025-4353
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Golden Link Secondary System versions prior to 20250425
Description
A critical issue exists in Golden Link Secondary System. The manipulation of the dictCn1 argument in an unknown function within the /paraframework/queryTsDictionaryType.htm file leads to a SQL injection. This allows for remote attacks. The exploit for this issue has been publicly disclosed.
Recommendations
Versions prior to 20250425 should be updated. As a temporary workaround, consider restricting access to the /paraframework/queryTsDictionaryType.htm file to minimize the risk of exploitation. Avoid using the dictCn1 parameter until the issue is resolved.
Exploit
Fix
Special Elements Injection
SQL injection
Related Identifiers
Affected Products
Golden Link Secondary System
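A log-triage sketch to go with the temporary workaround in the Recommendations, added here as an example and not taken from the advisory or from the vendor's code: it finds requests to the affected endpoint in web access logs and flags dictCn1 values that contain SQL metacharacters. The combined log format, the parameter arriving in the query string, the character heuristic, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/paraframework/queryTsDictionaryType.htm"  # path named in the advisory
PARAM = "dictCn1"                                      # parameter named in the advisory

# Assumption: a dictionary-name value has no reason to contain these.
SUSPICIOUS = re.compile(r"['\";]|--|/\*|\b(union|select)\b", re.I)
# Assumption: access logs use the common "combined" format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def triage(lines):
    """Return (ip, method, status, verdict) for every hit on the endpoint."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        # Drop ";jsessionid=..." style path parameters before comparing.
        path = url.path.split(";", 1)[0]
        if path.lower() != ENDPOINT.lower():
            continue
        # parse_qs percent-decodes, so encoded quotes are seen as quotes.
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM)
        if values is None:
            # Parameter may be in a request body, which access logs do not record.
            verdict = "body_not_logged"
        elif any(SUSPICIOUS.search(v) for v in values):
            verdict = "suspicious"
        else:
            verdict = "benign"
        findings.append((m["ip"], m["method"], int(m["status"]), verdict))
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/May/2025:10:00:01 +0000] "GET /paraframework/queryTsDictionaryType.htm?dictCn1=status HTTP/1.1" 200 512',
    '198.51.100.7 - - [06/May/2025:10:00:05 +0000] "GET /paraframework/queryTsDictionaryType.htm?dictCn1=status%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9431',
    '198.51.100.7 - - [06/May/2025:10:00:09 +0000] "POST /paraframework/queryTsDictionaryType.htm HTTP/1.1" 500 120',
    '192.0.2.10 - - [06/May/2025:10:00:12 +0000] "GET /index.htm HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Once access to the endpoint has been restricted, any hit from outside the allowed sources is worth reviewing regardless of verdict, and "body_not_logged" entries need request-body logging or WAF data to classify.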