CVE-2025-15625
9.8 CRITICAL
Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases
Published: 2026-04-17 · Last updated: 2026-06-02
Severity and scoring
- CVSS: 9.8 CRITICAL
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE: CWE-200, CWE-89
Affected products
| Vendor | Product |
|---|---|
| sparxsystems | pro_cloud_server |
Description
An unauthenticated user is able to execute arbitrary SQL commands in the Sparx Pro Cloud Server database in certain cases.
Source: NVD
Related CVEs
Same vendor
- CVE-2026-42100 — Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by se... (7.5 HIGH)
- CVE-2026-42099 — Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint (7.5 HIGH)
- CVE-2026-42097 — Sparx Pro Cloud Server requires authentication based on requested URL (8.8 HIGH)
- CVE-2026-42096 — Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database (8.8 HIGH)
- CVE-2025-15624 — Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd (7.5 HIGH)
Same CWE
- CVE-2026-48613 — SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migratio... (5.9 MEDIUM)
- CVE-2026-45418 — ClipBucket v5 is an open source video sharing platform (8.8 HIGH)
- CVE-2026-45060 — ClipBucket v5 is an open source video sharing platform (9.8 CRITICAL)
- CVE-2026-42647 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL ... (9.3 CRITICAL)
- CVE-2026-39494 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW a... (9.3 CRITICAL)