CVE-2025-15624

CVSS v4.0

9.3

Critical

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/S:P/AU:Y/V:C/RE:M/U:Red

Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-256

Related Identifiers

CVE-2025-15624

Affected Products

Sparx Pro Cloud Server

CVE-2025-15624

Weakness Enumeration

Related Identifiers

Affected Products

References · 3