CVE-2025-4376

Summary

Improper Input Validation vulnerability in Sparx Systems Pro Cloud Server's WebEA model search field allows Cross-Site Scripting (XSS). This issue affects Pro Cloud Server: earlier than 6.0.165.

Affected Software

VendorProductVersion RangeStatus
Sparx SystemsPro Cloud Server0 <= 6.0.164affected
Sparx SystemsPro Cloud Server6.0.165unaffected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References