CVE-2025-67805

MEDIUM

Sage DPW 2025_06_004 - Info Disclosure

Title source: llm

Description

A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Cloud. It was forcibly disabled again in version 2025_06_003.

References (2)

Core 2

Core References

https://www.sagedpw.at/

https://pastebin.com/Tk4LgMG2

Scores

CVSS v3 5.9

EPSS 0.0029

EPSS Percentile 20.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200 CWE-306

Status published

Products (1)

sagedpw/sage_dpw 2025_06_004

Published Apr 01, 2026

Tracked Since Apr 01, 2026