ByteOS Network

NVD Vulnerability Details :

CVE-2025-67805

Modified

Source-cve@mitre.org

Published At-01 Apr, 2026 | 16:23

Updated At-10 May, 2026 | 14:16

A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Cloud. It was forcibly disabled again in version 2025_06_003.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Type: Primary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CPE Matches

sagedpw>>sage_dpw>>2025_06_004

cpe:2.3:a:sagedpw:sage_dpw:2025_06_004:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-306	Primary	nvd@nist.gov
CWE-200	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-306

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-200

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://pastebin.com/Tk4LgMG2	cve@mitre.org	Third Party Advisory
https://www.sagedpw.at/	cve@mitre.org	Product

Hyperlink: https://pastebin.com/Tk4LgMG2

Source: cve@mitre.org

Resource:

Third Party Advisory

Hyperlink: https://www.sagedpw.at/

Source: cve@mitre.org

Resource:

Product

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History