CVE-2025-0558 | TDuckCloud tduck-platform up to 4.0 QueryProThemeRequest.java QueryProThemeRequest color sql injection

CVE-2025-0558 | TDuckCloud tduck-platform up to 4.0 QueryProThemeRequest.java QueryProThemeRequest color sql injection

A vulnerability classified as critical was found in TDuckCloud tduck-platform up to 4.0. This vulnerability affects the function QueryProThemeRequest of the file src/main/java/com/tduck/cloud/form/request/QueryProThemeRequest.java. The manipulation of the argument color leads to sql injection. This vulnerability was named CVE-2025-0558. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.