7.5
CVE-2025-67807
n/a · n/a

Description

The login mechanism of Sage DPW 2025_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behaviour in newer versions.

Affected Products

Vendor: n/a
Product: n/a
Versions: n/a, 2025_06_004

References

  • https://www.sagedpw.at/
  • https://pastebin.com/Tk4LgMG2

Related News (1 article)

Tier C · VulDB · 2h ago
CVE-2025-67807 | Sage DPW 2025_06_004 Login response discrepancy
→ No new info (linked only)

CVSS 3.1: 7.5 NONE
CISA KEV: ❌ No
Actively exploited: ❌ No
Published: Apr 1, 2026
Last enriched: 2h ago (v2)
Trending Score: 20
Source articles: 1
Independent: 1
Info Completeness: 7/14
Missing: epss, cwe, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

CRITICAL · CVE-2024-43028 · EXP
CVE-2024-43028: A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to exe
Trending: 51
CRITICAL · CVE-2025-67805 · EXP
CVE-2025-67805: A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Dat
Trending: 50
MEDIUM · CVE-2026-30280 · EXP
CVE-2026-30280: An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 al
Trending: 39
NONE · CVE-2026-30273
CVE-2026-30273: pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base._execute_sql_query
Trending: 32
NONE · CVE-2026-30643
CVE-2026-30643: An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module u
Trending: 32

Verification

State: verified
Confidence: 0%

Vulnerability Timeline

CVE Published: Apr 1, 2026
Discovered by ZDM: Apr 1, 2026
Updated: affectedVersions, cvssEstimate: Apr 1, 2026

Version History

v2 · Last enriched 2h ago

v2 · Tier C · 2h ago

Updated vendor to Sage, product to DPW, added affected version 2025_06_004, changed severity to HIGH, set CVSS estimate to 7.5, and marked as actively exploited.

affectedVersions, cvssEstimate
via VulDB

v1 · 2h ago

Initial creation