CVE-2025-15621

Published Apr 16, 2026

Last updated 2 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-15621 describes an "Insufficiently Protected Credentials" vulnerability in Sparx Systems Sparx Enterprise Architect. During OpenID authentication the client does not verify the receiver of its OAuth2 credentials, so it never confirms that the credentials are being sent to the legitimate recipient, and they could be delivered to an unauthorized party. The result could be unauthorized access to user accounts and systems that rely on the compromised credentials.

Description: Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication
Source: db4dfee8-a97e-4877-bfae-eba6d14a2166
NVD status: Awaiting Analysis

Risk scores

CVSS 4.0
Type: Secondary
Base score: 5.7
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:C/RE:M/U:X
Severity: MEDIUM

Weaknesses

Source db4dfee8-a97e-4877-bfae-eba6d14a2166: CWE-522
