CVE-2025-67805 is a vulnerability identified in the Sage DPW software prior to version 2025_06_003, specifically related to a non-default configuration of the Database Monitor feature. When enabled, this feature exposes diagnostic endpoints that can be accessed without authentication. These endpoints reveal sensitive internal information, including password hashes and database table names, which could be leveraged by attackers to gain deeper insight into the system's structure and potentially facilitate further attacks such as credential cracking or targeted database exploitation. The vulnerability does not affect the default installation since the feature is disabled by default and is also not present in Sage DPW Cloud environments. The vendor addressed the issue by forcibly disabling the feature again in version 2025_06_003, effectively mitigating the vulnerability in newer releases. The CVSS 3.1 score of 5.9 reflects a medium severity, with the attack vector being network-based, no privileges or user interaction required, and a high impact on confidentiality but no impact on integrity or availability. No public exploits have been reported, indicating limited active exploitation at this time. However, the exposure of sensitive data such as hashes could enable offline attacks or assist attackers in lateral movement within compromised environments.

The primary impact of CVE-2025-67805 is the unauthorized disclosure of sensitive information, including password hashes and database schema details. This exposure can compromise confidentiality and potentially aid attackers in escalating privileges or conducting further attacks such as password cracking or SQL injection. Organizations running affected versions of Sage DPW with the vulnerable configuration enabled face increased risk of data breaches and unauthorized access. While the vulnerability does not directly affect system integrity or availability, the leaked information can be a stepping stone for more severe attacks. The fact that the feature is disabled by default and not present in cloud deployments limits the overall exposure, but organizations that have enabled the diagnostic endpoints for troubleshooting or monitoring purposes are particularly vulnerable. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially if attackers discover this vulnerability independently.

Organizations should verify whether the Database Monitor diagnostic endpoints are enabled in their Sage DPW installations. If enabled, immediate action should be taken to disable these endpoints to prevent unauthenticated access. Upgrading to Sage DPW version 2025_06_003 or later is strongly recommended, as the vendor has forcibly disabled the vulnerable feature in these versions. Additionally, organizations should audit access logs for any suspicious activity related to these endpoints and monitor for attempts to access diagnostic URLs. Implementing network-level controls such as firewall rules to restrict access to management or diagnostic interfaces can further reduce exposure. Where possible, sensitive information such as password hashes should be stored using strong hashing algorithms with salts to mitigate the impact of any potential leaks. Regular security assessments and configuration reviews should be conducted to ensure that non-default features do not inadvertently expose sensitive data.