CVE-2025-67805 MEDIUM

CVE-2025-67805

Vendor N/A
Product n/a
Published April 1, 2026
Last update May 10, 2026

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AC:H/AV:N/A:N/C:H/I:N/PR:N/S:U/UI:N

What the vulnerability does

01Description

A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Cloud. It was forcibly disabled again in version 2025_06_003.

Key dates

02Disclosure timeline

April 1, 2026 CVE published
May 10, 2026 Record updated