CVE-2025-15625

Summary

Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases.

Affected Software

VendorProductVersion RangeStatus
Sparx Systems Pty Ltd.Sparx Pro Cloud Server6.0.163affected

Weaknesses

  • CWE-89: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References