CVE-2025-15624
Last modified
CVE-2025-15624 is a critical-severity vulnerability rated 9.3/10 on the CVSS scale. It is a Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is the primary method of authenticating to Sparx EA, Pro Cloud Server creates local passwords for the users and stores them in plaintext. EPSS estimates a 0.38% chance of exploitation in the next 30 days.
Description
Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is the primary method of authenticating to Sparx EA, Pro Cloud Server creates local passwords for the users and stores them in plaintext.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:C/RE:M/U:Red
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sparxsystems | Pro Cloud Server | 6.0.163 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Source: NVD / NIST
