CVE-2025-4375

Cross-Site Request Forgery CSRF vulnerability in Sparx Systems Pro Cloud Server allows Cross-Site Request Forgery to perform Session Hijacking. Cross-Site Request Forgery is present at the whole application but it can be used to change the Pro Cloud Server Configuration password. This issue affec...

CVE-2025-4377 Path traversal vulnerability in Sparx Pro Cloud Server WebEA webconfig in logview.php

Improper Limitation of a Pathname caused a Path Traversal vulnerability in Sparx Systems Pro Cloud Server. This vulnerability is present in logview.php and it allows reading arbitrary files on the filesystem. Logview is accessible on Pro Cloud Server Configuration interface. This issue affects Pr...

CVE-2025-4377

Sparx Systems Pro Cloud Server is affected by CVE-2025-4377 due to an Improper Limitation of a Pathname in logview.php, enabling a Path Traversal that allows reading arbitrary files on the filesystem. The issue affects Pro Cloud Server versions earlier than 6.0.165 and is exposed via the Pro Clou...

Sparx Systems Pro Cloud Server 安全漏洞

Sparx Systems Pro Cloud Server is an enterprise-class model collaboration platform from Sparx Systems Australia that supports cloud sharing and version control of EA Enterprise Architect models. A security vulnerability exists in Sparx Systems Pro Cloud Server versions prior to 6.0.165, which ste...

Sparx Systems Pro Cloud Server 安全漏洞

Sparx Systems Pro Cloud Server is an enterprise-class model collaboration platform from Sparx Systems Australia that supports cloud sharing and version control of EA Enterprise Architect models. A security vulnerability exists in Sparx Systems Pro Cloud Server versions prior to 6.0.165, which ste...