CVE-2025-67807: n/a
The login mechanism of Sage DPW 2025_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behaviour in newer versions.
AI Analysis
Technical Summary
CVE-2025-67807 identifies a security vulnerability in the login mechanism of Sage DPW software versions released before 2021_06_000. The vulnerability arises because the system returns different responses when a user attempts to log in with a valid username compared to an invalid one. This discrepancy allows an attacker to enumerate valid usernames by analyzing the system's responses, which is a common reconnaissance technique used to gather information for further attacks. In newer versions of Sage DPW, on-premise administrators have the ability to toggle this behavior, potentially mitigating the risk. The vulnerability does not require authentication or user interaction, making it easier for remote attackers to exploit. However, there are no known exploits in the wild at this time, and no official CVSS score has been assigned. The lack of a CVSS score suggests the need for an independent severity assessment based on the impact on confidentiality and the ease of exploitation. The vulnerability primarily compromises confidentiality by revealing valid account information, which could be leveraged in subsequent attacks such as password guessing, social engineering, or targeted phishing campaigns. The absence of patches or exploit code indicates that mitigation relies on configuration changes and version upgrades. Organizations using affected versions should assess their exposure and consider disabling username enumeration responses or upgrading to versions where this behavior can be controlled.
Potential Impact
The primary impact of CVE-2025-67807 is the exposure of valid usernames through distinct login responses, which compromises the confidentiality of user account information. This information leakage can significantly aid attackers in the reconnaissance phase, enabling more targeted and effective brute force attacks, credential stuffing, or social engineering campaigns. While the vulnerability does not directly allow unauthorized access or code execution, the enumeration of valid accounts increases the attack surface and the likelihood of successful subsequent attacks. For organizations, this can lead to unauthorized access if attackers combine username enumeration with weak or reused passwords. Additionally, the vulnerability may undermine trust in the affected systems and increase the risk of data breaches. Since the vulnerability affects versions prior to 2021_06_000 and can be toggled off in newer versions, organizations running outdated software are at higher risk. The lack of known exploits in the wild reduces immediate threat but does not eliminate the risk, especially as attackers often develop exploits after vulnerabilities are publicly disclosed. Overall, the impact is medium, with confidentiality at risk and potential indirect effects on integrity and availability if attackers leverage enumerated usernames in further attacks.
Mitigation Recommendations
To mitigate CVE-2025-67807, organizations should first identify if they are running affected versions of Sage DPW prior to 2021_06_000. If so, upgrading to a newer version where the username enumeration behavior can be toggled off is strongly recommended. For on-premise deployments, administrators should disable the distinct response behavior to prevent username enumeration. Additionally, implementing account lockout policies or rate limiting on login attempts can reduce the effectiveness of enumeration and brute force attacks. Enforcing strong, unique passwords and multi-factor authentication (MFA) further mitigates risks associated with compromised usernames. Monitoring and logging login attempts for unusual patterns can help detect enumeration activities early. Network-level protections such as web application firewalls (WAFs) can be configured to detect and block enumeration attempts based on response patterns or request frequency. Finally, educating users about phishing risks and maintaining an incident response plan will help organizations respond effectively if enumeration leads to further compromise.
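The distinct-response behaviour described above and its uniform-response counterpart, as an added example that is not Sage DPW code and does not come from the original page. The account store, function names, status codes and messages are all assumptions made for illustration; the last function is a regression check a defender could adapt to their own login endpoint.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    # Low iteration count keeps the demo fast; production values are higher.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def _make_user(password: str):
    salt = os.urandom(16)
    return salt, _hash(password, salt)

# Constructed sample account store: username -> (salt, password hash).
USERS = {"alice": _make_user("correct horse battery staple")}

# Dummy credentials so an unknown username costs the same hash work.
_DUMMY_SALT, _DUMMY_HASH = _make_user("placeholder-never-matches")

GENERIC = (401, "Invalid username or password.")

def login_distinct(username: str, password: str):
    """Leaky pattern: the response reveals whether the account exists."""
    if username not in USERS:
        return (404, "Unknown user.")
    salt, stored = USERS[username]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return (401, "Wrong password.")
    return (200, "Welcome.")

def login_uniform(username: str, password: str):
    """Hardened pattern: same status, body and hash work for every failure."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    ok = hmac.compare_digest(_hash(password, salt), stored)
    # The membership test stops the dummy hash from ever granting access.
    if ok and username in USERS:
        return (200, "Welcome.")
    return GENERIC

def leaks_account_existence(login, known_user: str, unknown_user: str) -> bool:
    """Regression check: do failed logins differ by username validity?"""
    bad_pw = "definitely-wrong-" + os.urandom(4).hex()
    return login(known_user, bad_pw) != login(unknown_user, bad_pw)
```

The check compares status and body only; response timing and side channels such as password-reset or registration forms need their own comparison.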
Affected Countries
United States, United Kingdom, Germany, France, Canada, Australia, Netherlands, Japan, India, Brazil
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-12-12T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 69cd7413e6bfc5ba1def511f
Added to database: 4/1/2026, 7:37:55 PM
Last enriched: 4/2/2026, 4:18:34 AM
Last updated: 4/4/2026, 9:05:00 AM