PT-2026-29543 · Undefined · Undefined

Published

2026-04-01

Updated

2026-04-01

CVE-2025-67807

CVSS v3.1

4.7

Medium

Vector

AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

The login mechanism of Sage DPW 2025 06 004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021 06 000. On-premise administrators can toggle this behaviour in newer versions.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-204

Related Identifiers

CVE-2025-67807

Affected Products

Undefined

PT-2026-29543 · Undefined · Undefined

CVE-2025-67807

Weakness Enumeration

Related Identifiers

Affected Products

References · 3