9.3

Sparx EA Pro Cloud Server Stores Passwords in Plain Text

CVE-2025-15624
Summary

When OpenID is used as the primary authentication method for Sparx EA, Pro Cloud Server creates local passwords for the users and stores them in plaintext, without encryption. Anyone who gains unauthorized access to the server can read those passwords directly. To protect your users, ensure that you're using a secure authentication method and update your Pro Cloud Server to the latest version.

Original title
Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.  In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA,...
Original description
Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. 
In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext.
NVD CVSS 4.0: 9.3
Vulnerability type
CWE-256
Published: 17 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026