HOMEVULNERABILITIESCVE-2025-15623
CRITICAL

CVE-2025-15623

CWE-359Published: April 17, 2026· Updated: Apr 17, 2026

9.3
CVSS v3.1
EPSS:0.05%probability of exploitation in 30 daysPercentile:16.1th

Official Description

Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.

Unauthenticated user can retrieve database password in plaintext in certain situations

NVD Source

Risk Analysis

This critical vulnerability in Sparx Pro Cloud Server allows unauthenticated users to retrieve database passwords in plaintext under certain conditions. With a CVSS score of 9.3, this flaw poses a significant risk of unauthorized access to sensitive database information and potential system compromise. The absence of an EPSS score means its exploitation likelihood is not yet predicted, but the critical severity requires urgent attention.

No public exploit is currently known for this vulnerability. The remote attack vector (AV:N) indicates it can be exploited over a network.

Recommended Action

Organizations using Sparx Pro Cloud Server should apply vendor patches to prevent the exposure of sensitive information. Implement robust access controls and ensure that database credentials are never stored or transmitted in plaintext.

Generated by the CTIWATCH analysis pipeline from this CVE's metadata (CVSS, EPSS, KEV status, exploit intelligence). Verify against vendor advisories before acting.

Technical Analysis

CVE-2025-15623 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.

The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorNetwork
Attack ComplexityLow
Privileges Req.None
User InteractionNone
ScopeP
Impact
Confidentiality
Integrity
Availability
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:C/RE:M/U:Red

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (1)

Quick Facts

CVE IDCVE-2025-15623
CVSS Score9.3 / 10
SeverityCRITICAL
WeaknessCWE-359
CISA KEVNo
EPSS (30d)0.05%
PublishedApr 17, 2026

Related CVEs (CWE-359)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2025-15623 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.