CVE-2025-15623

CRITICAL

Sparx Pro Cloud Server reveals sensitive information to an unauthenticated user

Title source: cna

Description

Exposure of Private Personal Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. An unauthenticated user can retrieve the database password in plaintext in certain situations.

Scores

CVSS v4 9.3
EPSS 0.0007
EPSS Percentile 20.6%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/S:P/AU:Y/V:C/RE:M/U:Red

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-359 CWE-497
Status published
Products (1)
Sparx Systems Pty Ltd./Sparx Pro Cloud Server 6.0.163
Published Apr 17, 2026
Tracked Since Apr 17, 2026