CVE-2025-15623

Sparx Pro Cloud Server reveals sensitive information to an unauthenticated user

CVSS 9.3 CRITICALEPSS 0.3%CWE-359 CWE-497

Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. Unauthenticated user can retrieve database password in plaintext in certain situations

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/S:P/AU:Y/V:C/RE:M/U:Red

Affected products

Sparx Systems Pty Ltd. · Sparx Pro Cloud Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://sparxsystems.com/products/procloudserver/6.1/history.html