Path Traversal Vulnerability in Sparx Systems Pro Cloud Server
CVE-2025-4377

8.3HIGH

Key Information:

Vendor: Sparx Systems
Status: Pro Cloud Server
Vendor: CVE Published:; 9 May 2025

🔔 Create Sparx Systems Vulnerability Alert

What is CVE-2025-4377?

A path traversal vulnerability exists in the logview.php file of Sparx Systems Pro Cloud Server, enabling unauthorized access to arbitrary files on the server's filesystem. This flaw is notably present in versions earlier than 6.0.165, allowing attackers to exploit the misconfigured path limitations, which could lead to the exposure of sensitive information stored on the server. Logview is accessible via the Pro Cloud Server Configuration interface, making it critical for users to update their installations to mitigate potential security risks.

Affected Version(s)

Pro Cloud Server Windows 0 <= 6.0.163

Pro Cloud Server Windows 6.0.165

References

https://sparxsystems.com/products/procloudserver/6.1/

CVSS V4

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 9, 2025
Vulnerability Reserved
May 6, 2025

Credit

Santeri Siirilä

Mikko Korpi

CVE-2025-4377 Data

JSON