A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table n

Description

A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Cloud. It was forcibly disabled again in version 2025_06_003.

Affected Products

Vendor	Product	Versions
Sage	DPW	—

References

Related News (1 articles)

Tier C

VulDB7h ago

CVE-2025-67805 | Sage DPW 2025_06_004 Database Monitor Feature improper authentication

→ No new info (linked only)

CVSS 3.15.9 MEDIUM

VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA KEV❌ No

Actively exploited❌ No

PublishedApr 1, 2026

Last enriched2h agov2

Trending Score23

Source articles1

Independent1

Info Completeness6/14

Missing: versions, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Version History

Last enriched 2h ago

v2Tier C2h ago

Updated vendor to Sage, product to DPW, severity to CRITICAL, and corrected exploit availability to false.

vendorproduct

via VulDB

v13h ago

Initial creation

A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table n

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (1)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History