CVE-2025-15623
Plaintext Password Exposure in Sparx Pro Cloud Server
Publication date: 2026-04-17
Last updated on: 2026-04-17
Assigner: National Cyber Security Centre Finland
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sparx_systems | pro_cloud_server | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-359 | The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected. |
| CWE-497 | The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the exposure of private personal information and sensitive system information in Sparx Systems Pty Ltd's Sparx Pro Cloud Server.
Specifically, an unauthenticated user can retrieve the database password in plaintext under certain conditions, which means that someone without proper access can gain sensitive credentials.
How can this vulnerability impact me?
The impact of this vulnerability is significant because unauthorized actors can obtain the database password in plaintext.
This can lead to unauthorized access to the database, potentially resulting in data breaches, loss of confidentiality, and further exploitation of the system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability involves the exposure of private personal information and sensitive system information to unauthorized actors, specifically allowing unauthenticated users to retrieve database passwords in plaintext.
Such exposure of sensitive data can lead to non-compliance with common standards and regulations like GDPR and HIPAA, which mandate the protection of personal and sensitive information against unauthorized access.
Therefore, organizations using the affected Sparx Pro Cloud Server may face increased risk of violating these regulations due to potential data breaches stemming from this vulnerability.