{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15622", "assignerOrgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "state": "PUBLISHED", "assignerShortName": "NCSC-FI", "dateReserved": "2026-04-09T08:02:28.850Z", "datePublished": "2026-04-17T08:35:05.019Z", "dateUpdated": "2026-04-17T08:35:05.019Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "shortName": "NCSC-FI", "dateUpdated": "2026-04-17T08:35:05.019Z"}, "title": "Sparx Enterprise Architect Client reveals plaintext OAuth2 client secret", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-522", "description": "CWE-522: Insufficiently Protected Credentials", "type": "CWE"}]}], "affected": [{"vendor": "Sparx Systems Pty Ltd.", "product": "Sparx Enterprise Architect", "versions": [{"status": "affected", "version": "16.1.1627"}, {"status": "unaffected", "version": "17.1.1714"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect.\u00a0Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication flow.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect.&nbsp;Client reveals plaintext OAuth2 client secret<div>Desktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication flow.&nbsp;<br><p><br></p></div>"}]}], "references": [{"url": "https://sparxsystems.com/products/ea/17.1/history.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "PRESENT", "Automatable": "YES", "Recovery": "NOT_DEFINED", "valueDensity": "CONCENTRATED", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "RED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 6.2, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:H/SI:L/SA:N/S:P/AU:Y/V:C/RE:M/U:Red"}}], "solutions": [{"lang": "en", "value": "Update to fixed version", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Update to fixed version"}]}], "credits": [{"lang": "en", "value": "Pasi Orovuo, Solita Oy", "type": "finder"}, {"lang": "en", "value": "Henri H\u00e4m\u00e4l\u00e4inen, Solita Oy", "type": "finder"}, {"lang": "en", "value": "Samu Ahvenainen, Solita Oy", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect.\u00a0Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication flow."}], "id": "CVE-2025-15622", "lastModified": "2026-04-17T09:16:03.633", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "NOT_DEFINED", "Safety": "PRESENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:C/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}, "source": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "type": "Secondary"}]}, "published": "2026-04-17T09:16:03.633", "references": [{"source": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "url": "https://sparxsystems.com/products/ea/17.1/history.html"}], "sourceIdentifier": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-17T10:21:50.955624+00:00", "value": {"mitigation_remediation": ["Apply the vendor patch to the fixed version of Sparx Enterprise Architect.", "If a patch is not immediately available, disable OAuth2 client authentication or restrict outbound traffic from the client to mitigate token issuance.", "Rotate or regenerate client secrets and monitor for unauthorized token usage to limit potential impact."], "summary": {"action": "Immediate Patch", "impact": "Exposure of OAuth2 client secret leading to credential theft"}, "threat_synthesis": {"affected_systems": "Sparx Systems Pty Ltd. Sparx Enterprise Architect is affected. No specific version information is provided in the available data.", "description_and_impact": "The vulnerability allows the client application to expose the OAuth2 client secret in plaintext. An attacker who obtains this secret can use it to request access and ID tokens through the OpenID authentication flow, effectively impersonating the legitimate client and gaining unauthorized access to protected resources.", "risk_and_exploitability": "The CVSS score of 6.2 reflects moderate severity. EPSS is not available and the vulnerability is not listed in the CISA KEV catalog. Exploitation would likely require an attacker to gain local access to a system running the client or to trick a user into opening a malicious configuration that triggers the secret disclosure. Once the secret is exposed, the attacker can immediately obtain authentication tokens without further interaction."}}}}, "created": "2026-04-17T10:30:12.992618+00:00", "updated": "2026-04-17T10:30:12.992629+00:00", "vendors": []}