CVE-2025-15623
published 2026-04-17
CVE-2025-15623: Exposure of Private Personal Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability…
Priority P3 45, high, 7.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.26% (17.4th percentile)
Exposure of Private Personal Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.
An unauthenticated user can retrieve the database password in plaintext in certain situations.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sparx_systems_pty_ltd | sparx_pro_cloud_server | — | — |
| sparxsystems | pro_cloud_server | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v4.0 | 9.3 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:C/RE:M/U:Red |
GHSA
GHSA-mqmv-fjj3-cwjx: Exposure of Private Personal Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulner
ghsa_unreviewed·2026-04-17
CVE-2025-15623 [CRITICAL] CWE-359 GHSA-mqmv-fjj3-cwjx: Exposure of Private Personal Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulner
VulDB
Sparx Systems Sparx Pro Cloud Server 6.0.163 private personal information
vuldb·2026-04-17·CVSS 9.3
CVE-2025-15623 [CRITICAL] Sparx Systems Sparx Pro Cloud Server 6.0.163 private personal information
A vulnerability, which was classified as problematic, has been found in Sparx Systems Sparx Pro Cloud Server 6.0.163. Affected by this issue is some unknown functionality. This manipulation causes exposure of private personal information to an unauthorized actor.
This vulnerability is handled as CVE-2025-15623. The attack can be initiated remotely. There is not any exploit available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-04-17