CVE-2025-15621

Summary

Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication

Affected Software

VendorProductVersion RangeStatus
Sparx Systems Pty Ltd.Sparx Enterprise Architect16.1.1627affected
Sparx Systems Pty Ltd.Sparx Enterprise Architect17.1.1714unaffected

Weaknesses

  • CWE-522: CWE-522: Insufficiently Protected Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References