CVE-2025-15624 CRITICAL

CVE-2025-15624: Plaintext Storage of a Password in Sparx Pro Cloud Server.

Vendor Sparx Systems Pty Ltd.
Product Sparx Pro Cloud Server
Weakness CWE-256
Published April 17, 2026
Last update April 17, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/S:P/AU:Y/V:C/RE:M/U:Red

What the vulnerability does

01 Description

Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the primary method of authentication to Sparx EA, Pro Cloud Server creates local passwords for the users and stores them in plaintext.

Key dates

02 Disclosure timeline

April 17, 2026 CVE published
April 17, 2026 Record updated