Browse all 4 CVE security advisories affecting TDuckCloud. AI-powered Chinese analysis, POCs, and references for each vulnerability.
TDuckCloud provides cloud-based collaboration and file storage services for businesses. Historically, the platform has been vulnerable to multiple remote code execution (RCE) and cross-site scripting (XSS) flaws, as well as privilege escalation vulnerabilities. These issues have allowed attackers to execute arbitrary code, steal session cookies, and gain unauthorized administrative access. TDuckCloud has addressed these vulnerabilities through patches, but the recurring nature of these security issues suggests potential weaknesses in their development and validation processes. The platform's four recorded CVEs highlight ongoing security challenges that users should consider when implementing this solution in their infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-8756 | TDuckCloud tduck-platform manage preHandle improper authorization | tduck-platform | CWE-285 | 6.3 | Medium | 2025-08-09 |
| CVE-2025-7888 | TDuckCloud tduck-platform UserFormDataMapper.java UserFormDataMapper sql injection | tduck-platform | CWE-89 | 6.3 | Medium | 2025-07-20 |
| CVE-2025-0558 | TDuckCloud tduck-platform QueryProThemeRequest.java QueryProThemeRequest sql injection | tduck-platform | CWE-89 | 6.3 | Medium | 2025-01-18 |
| CVE-2024-8692 | TDuckCloud TDuckPro password recovery | TDuckPro | CWE-640 | 5.3 | Medium | 2024-09-11 |

This page lists every published CVE security advisory associated with TDuckCloud. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.