CVE-2025-15623
Analyzed - Analysis Complete
Plaintext Password Exposure in Sparx Pro Cloud Server

Publication date: 2026-04-17

Last updated on: 2026-06-02

Assigner: National Cyber Security Centre Finland

Description
Exposure of Private Personal Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. An unauthenticated user can retrieve the database password in plaintext in certain situations.
Meta Information
Published: 2026-04-17
Last Modified: 2026-06-02
Generated: 2026-06-16
AI Q&A: 2026-04-17
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
sparxsystems | pro_cloud_server | 6.0.163
CWE ID | Description
CWE-359 | The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.
CWE-497 | The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Executive Summary

This vulnerability involves the exposure of private personal information and sensitive system information in Sparx Systems Pty Ltd's Sparx Pro Cloud Server.

Specifically, an unauthenticated user can retrieve the database password in plaintext under certain conditions, which means that someone without proper access can gain sensitive credentials.

Impact Analysis

The impact of this vulnerability is significant because unauthorized actors can obtain the database password in plaintext.

This can lead to unauthorized access to the database, potentially resulting in data breaches, loss of confidentiality, and further exploitation of the system.

Compliance Impact

This vulnerability involves the exposure of private personal information and sensitive system information to unauthorized actors, specifically allowing unauthenticated users to retrieve database passwords in plaintext.

Such exposure of sensitive data can lead to non-compliance with common standards and regulations like GDPR and HIPAA, which mandate the protection of personal and sensitive information against unauthorized access.

Therefore, organizations using the affected Sparx Pro Cloud Server may face increased risk of violating these regulations due to potential data breaches stemming from this vulnerability.
