CVE-2025-15623
Published: 17 April 2026
Summary
CVE-2025-15623 is a critical-severity Exposure of Private Personal Information to an Unauthorized Actor (CWE-359) vulnerability in Sparxsystems Pro Cloud Server. Its CVSS base score is 9.3 (Critical).
Operationally, ranked at the 17.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-209513
Vulnerability details
Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. Unauthenticated user can retrieve database password in plaintext in certain…
more
situations
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Preventing nonpublic personal information from public posting reduces unauthorized exposure of private personal data.
The control detects and protects against mining of private personal information, reducing unauthorized exposure of PII.
Tracking locations of sensitive data and access users reduces risk of private personal information exposure.
Explicitly limits use of private personal information (PII) for non-operational purposes, reducing opportunities for its exposure outside production systems.
Explicit categorization of PII ensures stronger privacy controls are applied and approved before system operation.
Tainting enables identification of exfiltration of private personal information to unauthorized parties.
Automated marking identifies private personal information in outputs, tangibly reducing the ability to exploit weaknesses that result in its unauthorized exposure.
Privacy-specific attributes and their controlled association directly reduce exposure of private personal information through missing or incorrect labeling.