{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15621", "assignerOrgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "state": "PUBLISHED", "assignerShortName": "NCSC-FI", "dateReserved": "2026-04-09T08:02:25.619Z", "datePublished": "2026-04-16T12:40:08.962Z", "dateUpdated": "2026-04-16T12:51:51.633Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "shortName": "NCSC-FI", "dateUpdated": "2026-04-16T12:40:08.962Z"}, "title": "Sparx Enterprise Architect Client does not verify the receiver of OAuth2 credentials during OpenID authentication", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-522", "description": "CWE-522: Insufficiently Protected Credentials", "type": "CWE"}]}], "affected": [{"vendor": "Sparx Systems Pty Ltd.", "product": "Sparx Enterprise Architect", "versions": [{"status": "affected", "version": "16.1.1627"}, {"status": "unaffected", "version": "17.1.1714"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication<p><br></p><p><br></p><p><br></p>"}]}], "references": [{"url": "https://sparxsystems.com/products/ea/17.1/history.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "PRESENT", "Automatable": "YES", "Recovery": "NOT_DEFINED", "valueDensity": "CONCENTRATED", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 5.7, "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/S:P/AU:Y/V:C/RE:M"}}], "solutions": [{"lang": "en", "value": "Update to fixed version", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Update to fixed version"}]}], "credits": [{"lang": "en", "value": "Pasi Orovuo, Solita Oy", "type": "finder"}, {"lang": "en", "value": "Henri H\u00e4m\u00e4l\u00e4inen, Solita Oy", "type": "finder"}, {"lang": "en", "value": "Samu Ahvenainen, Solita Oy", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-16T12:51:32.874380Z", "id": "CVE-2025-15621", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T12:51:51.633Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-15621", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-16T12:51:32.874380Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T12:51:47.736Z"}}], "cna": {"title": "Sparx Enterprise Architect Client does not verify the receiver of OAuth2 credentials during OpenID authentication", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Pasi Orovuo, Solita Oy"}, {"lang": "en", "type": "finder", "value": "Henri H\u00e4m\u00e4l\u00e4inen, Solita Oy"}, {"lang": "en", "type": "finder", "value": "Samu Ahvenainen, Solita Oy"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "PRESENT", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.7, "Automatable": "YES", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/S:P/AU:Y/V:C/RE:M", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Sparx Systems Pty Ltd.", "product": "Sparx Enterprise Architect", "versions": [{"status": "affected", "version": "16.1.1627"}, {"status": "unaffected", "version": "17.1.1714"}], "defaultStatus": "unknown"}], "solutions": [{"lang": "en", "value": "Update to fixed version", "supportingMedia": [{"type": "text/html", "value": "Update to fixed version", "base64": false}]}], "references": [{"url": "https://sparxsystems.com/products/ea/17.1/history.html"}], "x_generator": {"engine": "Vulnogram 1.0.0"}, "descriptions": [{"lang": "en", "value": "Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication", "supportingMedia": [{"type": "text/html", "value": "Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication<p><br></p><p><br></p><p><br></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-522", "description": "CWE-522: Insufficiently Protected Credentials"}]}], "providerMetadata": {"orgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "shortName": "NCSC-FI", "dateUpdated": "2026-04-16T12:40:08.962Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15621", "state": "PUBLISHED", "dateUpdated": "2026-04-16T12:51:51.633Z", "dateReserved": "2026-04-09T08:02:25.619Z", "assignerOrgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "datePublished": "2026-04-16T12:40:08.962Z", "assignerShortName": "NCSC-FI"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication"}], "id": "CVE-2025-15621", "lastModified": "2026-04-17T15:17:00.957", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "NOT_DEFINED", "Safety": "PRESENT", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:C/RE:M/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}, "source": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "type": "Secondary"}]}, "published": "2026-04-16T13:16:43.423", "references": [{"source": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "url": "https://sparxsystems.com/products/ea/17.1/history.html"}], "sourceIdentifier": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.1.1627"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "17.1.1714"}}], "enrichment": {"confidence": 80.0, "confidence_source": "matching", "scores": [{"score": 80.0, "source": "matching"}]}, "original": {"product": "Sparx Enterprise Architect", "source": "cna", "vendor": "Sparx Systems Pty Ltd."}, "product": "enterprise_architect", "vendor": "sparxsystems"}], "analysis": {"en": {"generated_at": "2026-04-17T04:05:57.667281+00:00", "value": {"mitigation_remediation": ["Update Sparx Enterprise Architect to the latest released version that includes the fix", "Verify that the application correctly checks the issuer and audience fields of OAuth2 tokens and that it does not accept tokens from untrusted sources", "Configure network controls such as TLS inspection and enforce strict HTTPS usage to prevent man\u2011in\u2011the\u2011middle interception of authentication traffic"], "summary": {"action": "Patch", "impact": "Credentials can be intercepted or redirected, allowing an attacker to gain unauthorized access using OAuth2 tokens"}, "threat_synthesis": {"affected_systems": "Sparx Systems Pty Ltd. Sparx Enterprise Architect is affected. All releases are potentially impacted until a patch is applied. No specific version information is provided.", "description_and_impact": "The vulnerability is an insufficiently protected credentials issue: the client does not verify the receiver of OAuth2 credentials during OpenID authentication. This allows an attacker to intercept or redirect OAuth2 access or ID tokens, potentially gaining authentication credentials and unauthorized access.", "risk_and_exploitability": "The CVSS score is 5.7, indicating moderate severity. EPSS is not available, so the current exploitation probability is unclear. The vulnerability is not listed in the CISA KEV catalog. Attackers would likely need to control or spoof the OpenID provider, or intercept traffic during the authentication flow; the attack vector is inferred from the nature of the credential misuse."}}}}, "created": "2026-04-16T18:58:34.958138+00:00", "updated": "2026-04-17T04:15:09.338679+00:00", "vendors": ["sparxsystems", "sparxsystems$PRODUCT$enterprise_architect"]}