Cross-Site Request Forgery Vulnerability in Sparx Systems Pro Cloud Server
CVE-2025-4375

6.9MEDIUM

Key Information:

Vendor: Sparx Systems
Status: Pro Cloud Server
Vendor: CVE Published:; 9 May 2025

🔔 Create Sparx Systems Vulnerability Alert

What is CVE-2025-4375?

A Cross-Site Request Forgery (CSRF) vulnerability exists in Sparx Systems Pro Cloud Server that can lead to session hijacking. This security issue affects all versions prior to 6.0.165, allowing attackers to potentially change the Pro Cloud Server configuration password without authorization, compromising the integrity and confidentiality of user sessions.

Affected Version(s)

Pro Cloud Server Windows 0 <= 6.0.14

Pro Cloud Server Windows 6.0.165

References

https://sparxsystems.com/products/procloudserver/6.1/

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 9, 2025
Vulnerability Reserved
May 6, 2025

Credit

Santeri Siirilä

Mikko Korpi

CVE-2025-4375 Data

JSON