CVE-2025-15622
The CVE-2025-15622 vectors/auth flow involve Sparx Systems Pty Ltd. Sparx Enterprise Architect desktop client exposing a plaintext OAuth2 client secret, which the client decodes and uses to exchange for access and ID tokens in the OpenID authentication flow. This is described as an Insufficiently...