[VULNERABILITY ALERT] Ragic | Enterprise Cloud Database - Hard-coded Cryptographic Key (CVE-2025-15016)

POSTING DATE: 2025/12/29

Subject: [VULNERABILITY ALERT] Ragic | Enterprise Cloud Database - Hard-coded Cryptographic Key (CVE-2025-15016)

Content Description:
- Forwarded from Taiwan Computer Emergency Response Team/Coordination Center Security Alert TWCERTCC-200-202512-00000012
- [Ragic | Enterprise Cloud Database - Hard-coded Cryptographic Key] (CVE-2025-15016, CVSS: 9.8) The Enterprise Cloud Database developed by Ragic contains a Hard-coded Cryptographic Key vulnerability. A remote unauthenticated attacker can use the fixed key to generate authentication information, thereby logging into the system as any user.
Affected Platforms:
- Enterprise Cloud Database
Recommended Actions:
- Contact the vendor to install the patch.
Reference Material:
1. https://www.twcert.org.tw/tw/cp-132-10587-797c6-1.html

Computer and Communication Center
Network Systems Division, Respectfully