PT-2026-29528 · Sage · Sage Dpw

Published

2026-04-01

Updated

2026-04-01

CVE-2025-67805

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Sage DPW version 2025 06 004

Description A non-default configuration allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Cloud.

Recommendations Disable the Database Monitor feature.

Fix

Information Disclosure

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-306

Related Identifiers

CVE-2025-67805

Affected Products

Sage Dpw

PT-2026-29528 · Sage · Sage Dpw

CVE-2025-67805

Weakness Enumeration

Related Identifiers

Affected Products

References · 4