Sparx Systems Pty Ltd Sparx Pro Cloud Server vulnerabilities
3 known vulnerabilities affecting sparx_systems_pty_ltd/sparx_pro_cloud_server.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2
Vulnerabilities
CVE-2025-15625 [CRITICAL] CWE-89, P2, CVSS 9.8, v6.0.163, 2026-04-17
An unauthenticated user is able to execute arbitrary SQL commands in the Sparx Pro Cloud Server database in certain cases.
Source: NVD
CVE-2025-15624 [HIGH] CWE-256, P3, CVSS 7.5, v6.0.163, 2026-04-17
Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.
In a setup where OpenID is the primary method of authenticating to Sparx EA, Pro Cloud Server creates local passwords for the users and stores them in plaintext.
Source: NVD
CVE-2025-15623 [HIGH] CWE-359, P3, CVSS 7.5, v6.0.163, 2026-04-17
Exposure of Private Personal Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.
An unauthenticated user can retrieve the database password in plaintext in certain situations.
Source: NVD