CVE-2025-15622

UNKNOWN 0.0

Sparx Enterprise Architect Client reveals plaintext OAuth2 client secret

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication flow.

CWE	CWE-522
Vendor	sparx systems pty ltd.
Product	sparx enterprise architect
Published	Apr 17, 2026
Last Updated	Apr 17, 2026

Stay Ahead of the Next One

Get instant alerts for sparx systems pty ltd. sparx enterprise architect

Be the first to know when new unknown vulnerabilities affecting sparx systems pty ltd. sparx enterprise architect are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Sparx Systems Pty Ltd. / Sparx Enterprise Architect

16.1.1627

References

NVD ↗ CVE.org ↗ EPSS Data ↗

sparxsystems.com: https://sparxsystems.com/products/ea/17.1/history.html

Credits

Pasi Orovuo, Solita Oy Henri Hämäläinen, Solita Oy Samu Ahvenainen, Solita Oy