cvedb.io
CVE-2025-67805
MEDIUM · CVSS 5.9
EPSS exploitation probability: 0%
Published 2026-04-01T16:23:48.177 · Last modified 2026-06-17T09:58:07.100

Summary

A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Cloud. It was forcibly disabled again in version 2025_06_003.

Affected products

sagedpw — sage_dpw

Does this affect you?

Add your gear to cvedb and we'll alert you only when sagedpw ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.