Vulnerability in Sparx Systems Pty Ltd. Enterprise Architect

CVE-2025-15621

Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication

EPSS: 0.000 (5.7th percentile) — read the EPSS interpretation.

Affected products

Sparx Systems Pty Ltd. Enterprise Architect — versions 16.1.1627, 17.1.1714

Weakness classification (CWE)

CWE-522 — Insufficiently Protected Credentials

References

sparxsystems.com/products/ea/17.1/history.html