CVE-2025-4375: CWE-352 Cross-Site Request Forgery (CSRF) in Sparx Systems Pro Cloud Server
Cross-Site Request Forgery (CSRF) vulnerability in Sparx Systems Pro Cloud Server allows Cross-Site Request Forgery to perform Session Hijacking. Cross-Site Request Forgery is present across the whole application, but it can be used to change the Pro Cloud Server Configuration password. This issue affects Pro Cloud Server: earlier than 6.0.165.
AI Analysis
Technical Summary
CVE-2025-4375 is a Cross-Site Request Forgery (CSRF) vulnerability in Sparx Systems Pro Cloud Server versions earlier than 6.0.165. In a CSRF attack the attacker does not steal the victim's session: a page the attacker controls makes the victim's browser send a state-changing request to the application, and the browser attaches the victim's session cookie automatically. Because the server cannot distinguish that forged request from one the user intended, it executes it with the victim's privileges. The advisory states that the weakness is present across the whole Pro Cloud Server web application, and that the concrete consequence is that the Pro Cloud Server configuration password can be changed this way. An attacker who lures a logged-in administrator to a malicious page can therefore set a configuration password of their choosing, locking out legitimate administrators and taking control of server configuration. The CVSS 4.0 base score of 6.9 (medium) reflects a network attack vector (AV:N) and low attack complexity (AC:L); the vector scores privileges as high (PR:H) and user interaction as passive (UI:P). Read for CSRF, the privileges are those of the victim whose browser sends the request: the attack only succeeds against a user who already holds an administrative session and who merely has to load the attacker's page. The vector records a high confidentiality impact (VC:H), a low availability impact (VA:L) and no integrity impact (VI:N); since a forced password change is by nature an integrity effect, treat the published vector as the assigner's scoring rather than a limit on what an attacker can do with the flaw. No in-the-wild exploitation is known at the time of writing, but a CSRF against a password-change endpoint is easy to weaponise once the request format is known. The weakness is classified as CWE-352, the standard category for CSRF. The record does not link to a patch, but the affected range "earlier than 6.0.165" indicates that 6.0.165 is the release containing the fix; until it is deployed, organizations must rely on the mitigations below.
Potential Impact
For European organizations using Sparx Systems Pro Cloud Server, this vulnerability poses a risk of unauthorized configuration changes made through a legitimate administrator's browser session. Since the Pro Cloud Server is typically used for collaborative modeling and enterprise architecture management, an attacker who seizes the configuration password could disrupt business processes, expose sensitive architectural data, and cause a denial of service by locking out administrators. The medium severity rating reflects that exploitation requires a victim who is logged in with sufficient privileges and who loads attacker-controlled content, which limits the scope somewhat; however, configuration settings are the most sensitive part of the server, so a successful attack has significant operational impact. Organizations with strict compliance requirements (e.g. GDPR) may face regulatory consequences if unauthorized access leads to data exposure or service disruption. Because the product is collaborative, a single compromised configuration affects every user of the server, amplifying the impact. The lack of known exploits reduces immediate risk but does not eliminate it, since the request an attacker must forge is straightforward to reconstruct from a legitimate password change.
Mitigation Recommendations
1. Upgrade to Pro Cloud Server 6.0.165 or later as soon as possible; the affected-version range indicates this is the release that carries the fix. Anti-CSRF tokens on state-changing requests are the vendor's part of the remedy and cannot be retrofitted by operators of the product.
2. Until the upgrade is done, front the configuration interface with a reverse proxy that rejects state-changing requests whose Origin (or, failing that, Referer) header does not match the server's own origin, and treats a request carrying neither header as cross-site. This is the one CSRF control an operator can apply in front of an unpatched server; generic WAF "CSRF signatures" are not a reliable substitute, because a forged request is byte-for-byte a valid request.
3. Do not rely on multi-factor authentication at login to stop this: the victim is already authenticated when the forged request is sent. What helps is requiring the current password, or a fresh authentication step, on the password-change action itself, where the product allows it.
4. Apply least privilege: keep administrative accounts used for configuration separate from everyday accounts, and keep the number of configuration administrators small, so fewer sessions are worth targeting.
5. Log and alert on every change to the configuration password and other configuration writes, recording user, source address and, where available, Origin or Referer, so an unexpected change is detected promptly.
6. Shorten administrative session lifetimes, invalidate sessions on logout, and instruct administrators to log out of the configuration interface before browsing elsewhere; a live privileged session is the precondition for the attack.
7. Isolate the Pro Cloud Server from less trusted networks through segmentation, so that even an administrator lured to a malicious page from an untrusted network segment cannot reach the configuration interface from there.
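The CSRF mechanism described in the technical summary and the defences recommended above, shown side by side as an added example. This is not Pro Cloud Server code and does not reflect how the product implements its handlers: HTTP requests are modelled as plain dictionaries so it runs offline, and the host name procloud.example.internal, the in-memory session store, the SHA-256 password hashing and the form field names are assumptions made for the example. The forged request is constructed to look like what a victim's browser would send from an attacker's page.

```python
"""Vulnerable vs. hardened configuration-password change handler.
Added illustration, not Pro Cloud Server code. Requests are dicts with
method, headers and form; host name, sessions and hashing are assumptions."""
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://procloud.example.internal"  # assumed deployment origin
SESSIONS = {}  # session id -> {"user": ..., "csrf": ...}
CONFIG = {}    # holds the configuration password hash


def _hash(password: str) -> str:
    # SHA-256 keeps the example short; a real service would use a password KDF.
    return hashlib.sha256(password.encode()).hexdigest()


def reset_config(password: str = "old-password") -> None:
    CONFIG["config_password_hash"] = _hash(password)


def login(user: str) -> str:
    """Create a session and bind a random synchronizer (CSRF) token to it."""
    sid = secrets.token_urlsafe(24)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def session_cookie_header(sid: str) -> str:
    """Set-Cookie value: SameSite=Strict stops the browser attaching the cookie
    to cross-site requests at all, a defence-in-depth layer behind the token."""
    return f"sid={sid}; Secure; HttpOnly; SameSite=Strict; Path=/"


def _session(request):
    for part in request.get("headers", {}).get("Cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == "sid" and value in SESSIONS:
            return SESSIONS[value]
    return None


def _request_origin(headers):
    """scheme://host[:port] from Origin, else Referer; None if neither is present."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return None
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}"


def vulnerable_change_password(request) -> str:
    """Pre-fix pattern: the session cookie alone authorises the change, so a
    cross-site POST the victim's browser attached the cookie to is accepted."""
    if _session(request) is None:
        return "401 not logged in"
    CONFIG["config_password_hash"] = _hash(request["form"]["new_password"])
    return "200 password changed"


def hardened_change_password(request) -> str:
    sess = _session(request)
    if sess is None:
        return "401 not logged in"
    # 1. Origin/Referer must be our own origin; fail closed when both are absent.
    if _request_origin(request.get("headers", {})) != SITE_ORIGIN:
        return "403 cross-origin request rejected"
    # 2. Synchronizer token: the attacker's page cannot read the session-bound value.
    if not hmac.compare_digest(request["form"].get("csrf_token", ""), sess["csrf"]):
        return "403 bad csrf token"
    # 3. Re-authentication on the sensitive action: prove the current password.
    current = _hash(request["form"].get("current_password", ""))
    if not hmac.compare_digest(current, CONFIG["config_password_hash"]):
        return "403 current password wrong"
    CONFIG["config_password_hash"] = _hash(request["form"]["new_password"])
    return "200 password changed"


def forged_request(sid: str, origin: str = "https://attacker.example"):
    """Constructed request as a victim's browser sends it from an attacker page:
    the session cookie is attached automatically, the token is unknown to the attacker."""
    return {"method": "POST",
            "headers": {"Cookie": f"sid={sid}", "Origin": origin},
            "form": {"new_password": "attacker-chosen"}}


def demo():
    reset_config()
    sid = login("admin")
    forged = forged_request(sid)
    r_vuln = vulnerable_change_password(forged)   # accepted: this is the flaw
    reset_config()
    r_origin = hardened_change_password(forged)   # stopped at the Origin check
    # A non-browser client can set Origin itself; the token check still holds.
    r_token = hardened_change_password(forged_request(sid, SITE_ORIGIN))
    legit = {"method": "POST",
             "headers": {"Cookie": f"sid={sid}", "Origin": SITE_ORIGIN},
             "form": {"csrf_token": SESSIONS[sid]["csrf"],
                      "current_password": "old-password",
                      "new_password": "new-secret"}}
    r_legit = hardened_change_password(legit)     # all three checks pass
    return r_vuln, r_origin, r_token, r_legit


if __name__ == "__main__":
    print(demo())
```

The three checks in the hardened handler are layered on purpose: the Origin check is the one a reverse proxy can enforce in front of an unpatched server, the synchronizer token is what the vendor fix has to add inside the application, and re-authentication on the password change is what makes a stray privileged session insufficient even if the other two were bypassed.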
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Finland, Italy
Technical Details
Data Version: 5.1
Assigner Short Name: NCSC-FI
Date Reserved: 2025-05-06T05:21:08.411Z
CISA Enriched: true
CVSS Version: 4.0
State: PUBLISHED
Threat ID: 682d9818c4522896dcbd7afd
Added to database: 5/21/2025, 9:08:40 AM
Last enriched: 7/5/2025, 2:55:58 AM
Last updated: 8/17/2025, 9:59:40 AM
Related Threats
CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server (High)
CVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
CVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
CVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)
CVE-2025-54759: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)