The login mechanism of Sage DPW 2025_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behaviour in newer versions.
References
| Link | Resource |
|---|---|
| https://pastebin.com/Tk4LgMG2 | Third Party Advisory |
| https://www.sagedpw.at/ | Product |
Configurations
History
07 Apr 2026, 19:22
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:sagedpw:sage_dpw:2025_06_004:*:*:*:*:*:*:* | |
| References | () https://pastebin.com/Tk4LgMG2 - Third Party Advisory | |
| References | () https://www.sagedpw.at/ - Product | |
| First Time |
Sagedpw sage Dpw
Sagedpw |
01 Apr 2026, 20:16
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.7 |
| CWE | CWE-204 |
01 Apr 2026, 16:23
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-04-01 16:23
Updated : 2026-06-17 09:58
NVD link : CVE-2025-67807
Mitre link : CVE-2025-67807
CVE.ORG link : CVE-2025-67807
JSON object : View
Products Affected
sagedpw
- sage_dpw
CWE
CWE-204
Observable Response Discrepancy
