Vulnerability Description
Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. The client reveals the plaintext OAuth2 client secret. The desktop client decodes the secret and uses the plaintext secret to obtain access and ID tokens as part of the OpenID authentication flow.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-15622?
CVE-2025-15622 is a documented vulnerability. Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secret. Desktop client decodes the secret and uses the pla...
How severe is CVE-2025-15622?
CVSS scoring is not yet available for CVE-2025-15622. Check NVD for updates.
Is there a patch for CVE-2025-15622?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.