CVE-2025-15623 CRITICAL

CVE-2025-15623: Sparx Pro Cloud Server reveals sensitive information to an unauthenticated user

Vendor Sparx Systems Pty Ltd.
Product Sparx Pro Cloud Server
Weakness CWE-359
Published April 17, 2026
Last update April 17, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/S:P/AU:Y/V:C/RE:M/U:Red

What the vulnerability does

01Description

Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. Unauthenticated user can retrieve database password in plaintext in certain situations

Key dates

02Disclosure timeline

April 17, 2026 CVE published
April 17, 2026 Record updated