CVE 9.3 CRITICAL

Sparx Pro Cloud Server reveals sensitive information to an unauthenticated user_CVE-2025-15623

April 17, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/S:P/AU:Y/V:C/RE:M/U:Red

Description

Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.

Unauthenticated user can retrieve database password in plaintext in certain situations

AI Analysis

Unauthenticated exposure of sensitive system information, including database passwords, in Sparx Pro Cloud Server

Basic Information

ID CVE-2025-15623

Source NCSC-FI

Published Apr 17, 2026 at 08:37

Affected Product

Vendor Sparx Systems Pty Ltd.

Product Sparx Pro Cloud Server

Version 6.0.163

Affected Versions Sparx Systems Pty Ltd. Sparx Pro Cloud Server 6.0.163

CWE Classification

CWE-359 CWE-497

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Sparx Systems Pty Ltd.

Product Sparx Pro Cloud Server

Version 6.0.163

References

sparxsystems.com /products/procloudserver/6.1/history.html

{
    "lastseen": "",
    "description": "Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.\n\nUnauthenticated user can retrieve database password in plaintext in certain situations",
    "published": "2026-04-17T08:37:27.611Z",
    "modified": "2026-04-17T08:37:27.611Z",
    "type": "cve",
    "title": "Sparx Pro Cloud Server reveals sensitive information to an unauthenticated user",
    "source": "NCSC-FI",
    "references": "https://sparxsystems.com/products/procloudserver/6.1/history.html",
    "id": "CVE-2025-15623",
    "bulletinFamily": "",
    "cwe": [
        "CWE-359",
        "CWE-497"
    ],
    "cvelist": null,
    "sourceData": "Sparx Systems Pty Ltd. Sparx Pro Cloud Server 6.0.163",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/S:P/AU:Y/V:C/RE:M/U:Red",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Sparx Pro Cloud Server",
    "version": "6.0.163",
    "vendor": "Sparx Systems Pty Ltd.",
    "ai_description": "Unauthenticated exposure of sensitive system information, including database passwords, in Sparx Pro Cloud Server",
    "ai_severity": "Critical",
    "ai_vendor": "Sparx Systems Pty Ltd.",
    "ai_product": "Sparx Pro Cloud Server",
    "ai_version": "6.0.163",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply