CVE-2025-15622

Published: Apr 17, 2026 Last Modified: Apr 17, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,2

Source: db4dfee8-a97e-4877-bfae-eba6d14a2166

Attack Vector: local

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication flow.

522

Insufficiently Protected Credentials

Incomplete

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control

Potential Impacts:

Gain Privileges Or Assume Identity

Applicable Platforms

Technologies: ICS/OT, Not Technology-Specific, Web Based

View CWE Details

https://sparxsystems.com/products/ea/17.1/history.html

CVE-2025-15622

Description

Insufficiently Protected Credentials

Common Consequences

Applicable Platforms

Iscriviti alla newsletter