Insufficiently Protected Credentials in Sparx Enterprise Architect by Sparx Systems
CVE-2025-15621

5.7 MEDIUM

Key Information:

Vendor: Sparx Systems
CVE Published: 16 April 2026

What is CVE-2025-15621?

The Sparx Enterprise Architect product by Sparx Systems contains a vulnerability in which the client does not adequately verify the recipient of OAuth2 credentials during the OpenID authentication process. This oversight could allow unauthorized access to sensitive information, threatening the integrity and security of the system.

Affected Version(s)

Sparx Enterprise Architect 16.1.1627

Sparx Enterprise Architect 17.1.1714


CVSS V4

Score: 5.7
Severity: MEDIUM
Confidentiality: High
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability reserved

Credit

Pasi Orovuo, Solita Oy
Henri Hämäläinen, Solita Oy
Samu Ahvenainen, Solita Oy