CVE-2025-67807

MEDIUM

Sage DPW <2021_06_000 - Info Disclosure

Title source: llm

Description

The login mechanism of Sage DPW 2025_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behaviour in newer versions.

References (2)

https://www.sagedpw.at/

https://pastebin.com/Tk4LgMG2

Scores

CVSS v3 4.7

EPSS 0.0003

EPSS Percentile 8.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-204

Status published

Products (1)

sagedpw/sage_dpw 2025_06_004

Published Apr 01, 2026

Tracked Since Apr 01, 2026