CVE-2025-67805: n/a
A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Cloud. It was forcibly disabled again in version 2025_06_003.
AI Analysis
Technical Summary
This vulnerability involves unauthenticated access to diagnostic endpoints in Sage DPW's Database Monitor feature when configured non-default. These endpoints expose sensitive data including hashes and database table names. The feature is disabled by default and forcibly disabled in version 2025_06_003, reducing exposure. The CVSS 3.1 base score is 5.9, reflecting medium severity with high confidentiality impact but no integrity or availability impact. The vulnerability is not present in the cloud version of Sage DPW.
Potential Impact
If exploited in affected non-default configurations, this vulnerability can lead to unauthorized disclosure of sensitive information such as hashes and database table names. There is no indication of integrity or availability impact. The exposure is limited by the fact that the vulnerable feature is disabled by default and forcibly disabled in version 2025_06_003. Sage DPW Cloud is not affected.
Mitigation Recommendations
Since the vulnerable feature is disabled by default and forcibly disabled in version 2025_06_003, upgrading to version 2025_06_003 or later effectively mitigates the risk. Users should ensure they are not running non-default configurations that enable the Database Monitor diagnostic endpoints. No patch links are provided, so verifying configuration settings and applying the version upgrade is the recommended remediation.
CVE-2025-67805: n/a
Description
A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Cloud. It was forcibly disabled again in version 2025_06_003.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves unauthenticated access to diagnostic endpoints in Sage DPW's Database Monitor feature when configured non-default. These endpoints expose sensitive data including hashes and database table names. The feature is disabled by default and forcibly disabled in version 2025_06_003, reducing exposure. The CVSS 3.1 base score is 5.9, reflecting medium severity with high confidentiality impact but no integrity or availability impact. The vulnerability is not present in the cloud version of Sage DPW.
Potential Impact
If exploited in affected non-default configurations, this vulnerability can lead to unauthorized disclosure of sensitive information such as hashes and database table names. There is no indication of integrity or availability impact. The exposure is limited by the fact that the vulnerable feature is disabled by default and forcibly disabled in version 2025_06_003. Sage DPW Cloud is not affected.
Mitigation Recommendations
Since the vulnerable feature is disabled by default and forcibly disabled in version 2025_06_003, upgrading to version 2025_06_003 or later effectively mitigates the risk. Users should ensure they are not running non-default configurations that enable the Database Monitor diagnostic endpoints. No patch links are provided, so verifying configuration settings and applying the version upgrade is the recommended remediation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2025-12-12T00:00:00.000Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69cd3867e6bfc5ba1ddc2e34
Added to database: 4/1/2026, 3:23:19 PM
Last enriched: 5/11/2026, 1:42:09 AM
Last updated: 5/21/2026, 11:52:55 AM
Views: 48
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.