Sparxsystems Pro Cloud Server — known CVE vulnerabilities
Every CVE whose affected-product data names Sparxsystems Pro Cloud Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2025-15625 — CVSS 9.8 (critical): Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases.
CVE-2026-42096 — CVSS 8.8 (high): Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any…
CVE-2026-42097 — CVSS 8.8 (high): Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model…
CVE-2025-15623 — CVSS 7.5 (high): Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control…
CVE-2026-42100 — CVSS 7.5 (high): Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by…
CVE-2026-42099 — CVSS 7.5 (high): Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint. The application downloads the…
CVE-2025-15624 — CVSS 7.5 (high): Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the…