CVE-2025-0558

Name of the Vulnerable Software and Affected Versions TDuckCloud tduck-platform versions up to 4.0

Description A critical issue was found in the TDuckCloud tduck-platform, affecting the function QueryProThemeRequest of the file src/main/java/com/tduck/cloud/form/request/QueryProThemeRequest.java. The manipulation of the argument color leads to SQL injection. The attack can be initiated remotely. An exploit has been publicly disclosed, and the vendor was contacted but did not respond.

Recommendations For versions up to 4.0, as a temporary workaround, consider disabling the QueryProThemeRequest function until a patch is available. Restrict access to the color argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.