CVE-2025-15624: CWE-256: Plaintext Storage of a Password in Sparx Systems Pty Ltd. Sparx Pro Cloud Server
Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext.
AI Analysis
Technical Summary
This vulnerability involves the plaintext storage of locally created user passwords in Sparx Pro Cloud Server when OpenID authentication is used. The affected version is 6.0.163. The CVSS 4.0 score is 9.3 (critical), reflecting network attack vector, no required privileges or user interaction, and high impact on confidentiality and integrity. The vendor has not yet provided a remediation level or patch. The vulnerability is classified under CWE-256 (Plaintext Storage of a Password).
Potential Impact
The plaintext storage of passwords significantly increases the risk that an attacker who gains access to the stored password data can compromise user accounts, leading to unauthorized access and potential further compromise of the system. The CVSS score of 9.3 indicates critical severity with high confidentiality and integrity impacts. No known exploits have been reported so far.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, organizations should consider restricting access to the storage location of these passwords and monitor for unauthorized access. Avoid relying solely on OpenID authentication without additional protections. Do not assume this vulnerability is mitigated without vendor confirmation.
CVE-2025-15624: CWE-256: Plaintext Storage of a Password in Sparx Systems Pty Ltd. Sparx Pro Cloud Server
Description
Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves the plaintext storage of locally created user passwords in Sparx Pro Cloud Server when OpenID authentication is used. The affected version is 6.0.163. The CVSS 4.0 score is 9.3 (critical), reflecting network attack vector, no required privileges or user interaction, and high impact on confidentiality and integrity. The vendor has not yet provided a remediation level or patch. The vulnerability is classified under CWE-256 (Plaintext Storage of a Password).
Potential Impact
The plaintext storage of passwords significantly increases the risk that an attacker who gains access to the stored password data can compromise user accounts, leading to unauthorized access and potential further compromise of the system. The CVSS score of 9.3 indicates critical severity with high confidentiality and integrity impacts. No known exploits have been reported so far.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, organizations should consider restricting access to the storage location of these passwords and monitor for unauthorized access. Avoid relying solely on OpenID authentication without additional protections. Do not assume this vulnerability is mitigated without vendor confirmation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- NCSC-FI
- Date Reserved
- 2026-04-09T08:02:32.647Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e1f70182d89c981fb0d48c
Added to database: 4/17/2026, 9:01:53 AM
Last enriched: 4/17/2026, 9:17:12 AM
Last updated: 4/17/2026, 6:37:52 PM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.