CVE-2025-67806

LOW

Sage DPW <2021_06_000 - Info Disclosure

Title source: llm

Description

The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behavior in newer versions.

References (2)

https://www.sagedpw.at/

https://pastebin.com/Tk4LgMG2

Scores

CVSS v3 3.7

EPSS 0.0004

EPSS Percentile 10.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-203

Status published

Products (1)

sagedpw/sage_dpw 2025_06_004

Published Apr 01, 2026

Tracked Since Apr 01, 2026