CVE-2025-15625 CRITICAL

CVE-2025-15625: Unauthenticated execution of arbitrary SQL queries in Sparx Pro Cloud Server

Vendor Sparx Systems Pty Ltd.
Product Sparx Pro Cloud Server
Weakness CWE-89 · SQLi
Published April 17, 2026
Last update April 17, 2026

CVSS base score

9.5/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:I/V:C/RE:M/U:Red

What the vulnerability does

01 Description

An unauthenticated user is able to execute arbitrary SQL commands in the Sparx Pro Cloud Server database in certain cases.

Key dates

02 Disclosure timeline

April 17, 2026 CVE published
April 17, 2026 Record updated