CVE 9.3 CRITICAL

Plaintext Storage of a Password in Sparx Pro Cloud Server._CVE-2025-15624

April 17, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/S:P/AU:Y/V:C/RE:M/U:Red

Description

Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.
In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext.

AI Analysis

Plaintext storage of passwords in Sparx Pro Cloud Server

Basic Information

ID CVE-2025-15624

Source NCSC-FI

Published Apr 17, 2026 at 08:38

Affected Product

Vendor Sparx Systems Pty Ltd.

Product Sparx Pro Cloud Server

Version 6.0.163

Affected Versions Sparx Systems Pty Ltd. Sparx Pro Cloud Server 6.0.163

CWE Classification

CWE-256

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Sparx Systems Pty Ltd.

Product Sparx Pro Cloud Server

Version 6.0.163

References

sparxsystems.com /products/procloudserver/6.1/history.html

{
    "lastseen": "",
    "description": "Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.\u00a0\nIn a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext.",
    "published": "2026-04-17T08:38:36.968Z",
    "modified": "2026-04-17T08:38:36.968Z",
    "type": "cve",
    "title": "Plaintext Storage of a Password in Sparx Pro Cloud Server.",
    "source": "NCSC-FI",
    "references": "https://sparxsystems.com/products/procloudserver/6.1/history.html",
    "id": "CVE-2025-15624",
    "bulletinFamily": "",
    "cwe": [
        "CWE-256"
    ],
    "cvelist": null,
    "sourceData": "Sparx Systems Pty Ltd. Sparx Pro Cloud Server 6.0.163",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/S:P/AU:Y/V:C/RE:M/U:Red",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Sparx Pro Cloud Server",
    "version": "6.0.163",
    "vendor": "Sparx Systems Pty Ltd.",
    "ai_description": "Plaintext storage of passwords in Sparx Pro Cloud Server",
    "ai_severity": "Critical",
    "ai_vendor": "Sparx Systems Pty Ltd.",
    "ai_product": "Sparx Pro Cloud Server",
    "ai_version": "6.0.163",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply