
Description

An unauthenticated user is able to execute arbitrary SQL commands in the Sparx Pro Cloud Server database in certain cases.

PUBLISHED Reserved 2026-04-09 | Published 2026-04-17 | Updated 2026-04-17 | Assigner NCSC-FI




CRITICAL: 9.5 | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:I/V:C/RE:M/U:Red

Problem types

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status: unknown

6.0.163: affected

Credits

Pasi Orovuo, Solita Oy (finder)

Henri Hämäläinen, Solita Oy (finder)

Samu Ahvenainen, Solita Oy (finder)

References

sparxsystems.com/products/procloudserver/6.1/history.html

cve.org (CVE-2025-15625)

nvd.nist.gov (CVE-2025-15625)
