
Sparx Enterprise Architect fails to verify OAuth credentials

CVE-2025-15621
Summary

The Sparx Systems Enterprise Architect client does not verify the receiver of OAuth2 credentials during OpenID authentication, so sensitive login credentials can be shared with a recipient whose identity was never checked. This could allow an attacker to intercept and misuse these credentials. Users should update the software to the latest version to ensure proper authentication and protect against unauthorized access.

Original title
Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication
Original description
Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication
NVD CVSS 4.0: 5.7
Vulnerability type
CWE-522 Insufficiently Protected Credentials
Published: 16 Apr 2026 · Updated: 17 Apr 2026 · First seen: 16 Apr 2026