Improper Input Validation in Sparx Systems Pro Cloud Server Leads to XSS Vulnerability
CVE-2025-4376

5.3MEDIUM

Key Information:

Vendor: Sparx Systems
Status: Pro Cloud Server
Vendor: CVE Published:; 9 May 2025

🔔 Create Sparx Systems Vulnerability Alert

What is CVE-2025-4376?

An improper input validation vulnerability has been identified in Sparx Systems' Pro Cloud Server, specifically within the WebEA model search field. This flaw can be exploited to execute Cross-Site Scripting (XSS) attacks, potentially allowing attackers to inject malicious scripts into web pages viewed by users. This could lead to unauthorized actions or information theft. Users are urged to upgrade to version 6.0.165 or later to mitigate this risk.

Affected Version(s)

Pro Cloud Server Windows 0 <= 6.0.164

Pro Cloud Server Windows 6.0.165

References

https://sparxsystems.com/products/procloudserver/6.1/

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 9, 2025
Vulnerability Reserved
May 6, 2025

Credit

Santeri Siirilä

Mikko Korpi

CVE-2025-4376 Data

JSON