Medium severity5.9NVD Advisory· Published Apr 1, 2026· Updated May 10, 2026

CVE-2025-67805

Description

A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Cloud. It was forcibly disabled again in version 2025_06_003.

Affected products

Sagedpw/Sage Dpw
cpe:2.3:a:sagedpw:sage_dpw:2025_06_004:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

pastebin.com/Tk4LgMG2nvdThird Party Advisory
www.sagedpw.atnvdProduct

News mentions

No linked articles in our index yet.

cvss	0.384
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000