This vulnerability (CVE-2025-15625) affects Sparx Pro Cloud Server version 6.0.163 and involves an SQL injection flaw where unauthenticated attackers can execute arbitrary SQL commands against the backend database. The issue arises from improper neutralization of special elements in SQL commands (CWE-89), potentially leading to unauthorized data access or manipulation. The CVSS 4.0 score of 9.5 reflects critical impact with high attack complexity but no required privileges or user interaction. No official remediation or patch is currently available, and no exploits have been observed in the wild. The vulnerability also relates to information exposure (CWE-200).

An unauthenticated attacker can exploit this vulnerability to execute arbitrary SQL commands on the Sparx Pro Cloud Server database, potentially leading to unauthorized data access, modification, or disclosure. This can compromise the confidentiality, integrity, and availability of the affected system's data. Given the critical CVSS score and the lack of required privileges or user interaction, the impact is severe if exploited.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or remediation level is provided, users should monitor Sparx Systems Pty Ltd. advisories closely. Until a patch is available, consider restricting network access to the affected version and applying any recommended temporary mitigations from the vendor. Avoid exposing the affected service to untrusted networks where possible.