CVE-2025-15621

UNKNOWN 0.0

Sparx Enterprise Architect Client does not verify the receiver of OAuth2 credentials during OpenID authentication

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication

CWE	CWE-522
Vendor	sparx systems pty ltd.
Product	sparx enterprise architect
Published	Apr 16, 2026
Last Updated	Apr 16, 2026

Stay Ahead of the Next One

Get instant alerts for sparx systems pty ltd. sparx enterprise architect

Be the first to know when new unknown vulnerabilities affecting sparx systems pty ltd. sparx enterprise architect are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Sparx Systems Pty Ltd. / Sparx Enterprise Architect

16.1.1627

References

NVD ↗ CVE.org ↗ EPSS Data ↗

sparxsystems.com: https://sparxsystems.com/products/ea/17.1/history.html

Credits

Pasi Orovuo, Solita Oy Henri Hämäläinen, Solita Oy Samu Ahvenainen, Solita Oy