CVE-2025-2572: 
WhatsUp Gold vulnerability analysis and mitigation

In WhatsUp Gold versions released before 2024.0.3, a database manipulation vulnerability allows an unauthenticated attacker to modify the contents of WhatsUp.dbo.WrlsMacAddressGroup (NVD). The vulnerability was discovered and disclosed on April 14, 2025, affecting Progress Software's WhatsUp Gold network monitoring solution (Progress Network Monitoring).

The vulnerability has been assigned a CVSS v3.1 base score of 5.6 (MEDIUM) with the following vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L. The vulnerability is classified under CWE-287 (Improper Authentication), indicating authentication bypass issues. The technical assessment shows that the vulnerability allows unauthorized database manipulation, specifically targeting the WrlsMacAddressGroup table in the WhatsUp database (NVD).

The vulnerability impacts the database integrity of WhatsUp Gold installations, allowing unauthorized modifications to the WrlsMacAddressGroup table. This could potentially affect network monitoring capabilities and compromise the accuracy of MAC address group configurations in the system (NVD).

Users are advised to upgrade to WhatsUp Gold version 2024.0.3 or later to address this vulnerability. Progress Software has released this version containing fixes for the database manipulation vulnerability (Progress Release Notes).