{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15623", "assignerOrgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "state": "PUBLISHED", "assignerShortName": "NCSC-FI", "dateReserved": "2026-04-09T08:02:30.837Z", "datePublished": "2026-04-17T08:37:27.611Z", "dateUpdated": "2026-04-17T12:19:21.714Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "shortName": "NCSC-FI", "dateUpdated": "2026-04-17T08:37:27.611Z"}, "title": "Sparx Pro Cloud Server reveals sensitive information to an unauthenticated user", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-359", "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor", "type": "CWE"}]}, {"descriptions": [{"lang": "en", "cweId": "CWE-497", "description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere", "type": "CWE"}]}], "affected": [{"vendor": "Sparx Systems Pty Ltd.", "product": "Sparx Pro Cloud Server", "versions": [{"status": "affected", "version": "6.0.163"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.\n\nUnauthenticated user can retrieve database password in plaintext in certain situations", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<div><span>Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.</span></div><p><span>Unauthenticated user can retrieve database password in plaintext in certain situations</span></p><p><br></p>"}]}], "references": [{"url": "https://sparxsystems.com/products/procloudserver/6.1/history.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "PRESENT", "Automatable": "YES", "Recovery": "NOT_DEFINED", "valueDensity": "CONCENTRATED", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "RED", "version": "4.0", "baseSeverity": "CRITICAL", "baseScore": 9.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/S:P/AU:Y/V:C/RE:M/U:Red"}}], "credits": [{"lang": "en", "value": "Pasi Orovuo, Solita Oy", "type": "finder"}, {"lang": "en", "value": "Henri H\u00e4m\u00e4l\u00e4inen, Solita Oy", "type": "finder"}, {"lang": "en", "value": "Samu Ahvenainen, Solita Oy", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-17T12:00:21.330537Z", "id": "CVE-2025-15623", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-17T12:19:21.714Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15623", "assignerOrgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "state": "PUBLISHED", "assignerShortName": "NCSC-FI", "dateReserved": "2026-04-09T08:02:30.837Z", "datePublished": "2026-04-17T08:37:27.611Z", "dateUpdated": "2026-04-17T12:19:21.714Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "shortName": "NCSC-FI", "dateUpdated": "2026-04-17T08:37:27.611Z"}, "title": "Sparx Pro Cloud Server reveals sensitive information to an unauthenticated user", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-359", "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor", "type": "CWE"}]}, {"descriptions": [{"lang": "en", "cweId": "CWE-497", "description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere", "type": "CWE"}]}], "affected": [{"vendor": "Sparx Systems Pty Ltd.", "product": "Sparx Pro Cloud Server", "versions": [{"status": "affected", "version": "6.0.163"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.\n\nUnauthenticated user can retrieve database password in plaintext in certain situations", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<div><span>Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.</span></div><p><span>Unauthenticated user can retrieve database password in plaintext in certain situations</span></p><p><br></p>"}]}], "references": [{"url": "https://sparxsystems.com/products/procloudserver/6.1/history.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "PRESENT", "Automatable": "YES", "Recovery": "NOT_DEFINED", "valueDensity": "CONCENTRATED", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "RED", "version": "4.0", "baseSeverity": "CRITICAL", "baseScore": 9.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/S:P/AU:Y/V:C/RE:M/U:Red"}}], "credits": [{"lang": "en", "value": "Pasi Orovuo, Solita Oy", "type": "finder"}, {"lang": "en", "value": "Henri H\u00e4m\u00e4l\u00e4inen, Solita Oy", "type": "finder"}, {"lang": "en", "value": "Samu Ahvenainen, Solita Oy", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-15623", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-17T12:00:21.330537Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-17T12:19:13.648Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.\n\nUnauthenticated user can retrieve database password in plaintext in certain situations"}], "id": "CVE-2025-15623", "lastModified": "2026-04-17T15:13:15.930", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "NOT_DEFINED", "Safety": "PRESENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:C/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "type": "Secondary"}]}, "published": "2026-04-17T09:16:04.593", "references": [{"source": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "url": "https://sparxsystems.com/products/procloudserver/6.1/history.html"}], "sourceIdentifier": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-359"}, {"lang": "en", "value": "CWE-497"}], "source": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "type": "Secondary"}]}

{}