
Sparx Pro Cloud Server: 3 CVEs

CVE-2025-15625 | CRITICAL | Act Now

SQL injection in Sparx Pro Cloud Server 6.0.163 allows remote attackers without authentication to execute arbitrary SQL commands against the backend database, leading to complete system compromise. Despite critical CVSS 9.5 scoring with network attack vector and no authentication required, exploitation complexity is rated HIGH and EPSS indicates only 0.06% probability (19th percentile). SSVC framework classifies technical impact as total but exploitation as none and not automatable, suggesting this requires specialized knowledge or non-default configurations to exploit. No active exploitation confirmed, no public exploit code identified at time of analysis.

Tags: SQLi, Sparx Pro Cloud Server | Sources: NVD, VulDB | CVSS 4.0: 9.5 | EPSS: 0.1%
CVE-2025-15624 | CRITICAL | Act Now

Sparx Pro Cloud Server 6.0.163 stores user passwords in plaintext when OpenID authentication is configured, allowing remote unauthenticated attackers to extract credentials with network access to the backend database or file system. CVSS 9.3 (Critical) reflects network-accessible plaintext credential exposure. EPSS score of 0.05% (15th percentile) indicates low probability of widespread exploitation despite severity. No active exploitation confirmed (not in CISA KEV), but SSVC classifies as automatable with total technical impact. Vendor has released version 6.1 with fix per change history.

Tags: Information Disclosure, Sparx Pro Cloud Server | Sources: NVD, VulDB | CVSS 4.0: 9.3 | EPSS: 0.1%
CVE-2025-15623 | CRITICAL | Act Now

Sparx Systems Pro Cloud Server 6.0.163 exposes database credentials in plaintext to unauthenticated remote attackers through an unprotected information disclosure endpoint. The vulnerability enables attackers to retrieve sensitive system configuration including database passwords without authentication (CVSS:4.0 9.3 Critical, AV:N/PR:N). CISA SSVC classifies this as automatable with total technical impact, though no active exploitation is currently documented (EPSS 0.05%, no KEV listing). Patch available in version 6.1+ per vendor security advisory.

Tags: Information Disclosure, Sparx Pro Cloud Server | Sources: NVD, VulDB | CVSS 4.0: 9.3 | EPSS: 0.1%
