{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-67806", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-01T15:53:44.181Z", "dateReserved": "2025-12-12T00:00:00.000Z", "datePublished": "2026-04-01T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-01T15:08:01.285Z"}, "descriptions": [{"lang": "en", "value": "The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behavior in newer versions."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.sagedpw.at/"}, {"url": "https://pastebin.com/Tk4LgMG2"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AC:H/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T15:53:32.091378Z", "id": "CVE-2025-67806", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T15:53:44.181Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-67806", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-01T15:53:44.181Z", "dateReserved": "2025-12-12T00:00:00.000Z", "datePublished": "2026-04-01T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-01T15:08:01.285Z"}, "descriptions": [{"lang": "en", "value": "The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behavior in newer versions."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.sagedpw.at/"}, {"url": "https://pastebin.com/Tk4LgMG2"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AC:H/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-67806", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-01T15:53:32.091378Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T15:53:38.923Z"}}]}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sagedpw:sage_dpw:2025_06_004:*:*:*:*:*:*:*", "matchCriteriaId": "633B447B-E044-4548-9D21-E82129683125", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behavior in newer versions."}], "id": "CVE-2025-67806", "lastModified": "2026-04-07T19:37:26.290", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-01T16:23:48.323", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://pastebin.com/Tk4LgMG2"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.sagedpw.at/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2021_06_000)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "dpw", "vendor": "sage"}], "analysis": {"en": {"generated_at": "2026-04-07T21:31:20.402011+00:00", "value": {"mitigation_remediation": ["Verify the current Sage DPW version on all installations.", "If an installation is running a version older than 2021_06_000, upgrade to the latest release and enable the toggle that removes distinct login responses.", "If upgrading is infeasible, restrict network access to the login interface to trusted internal networks or VPNs.", "Monitor authentication logs for unusual patterns or repeated enumeration attempts."], "summary": {"action": "Assess Impact", "impact": "Account Enumeration"}, "threat_synthesis": {"affected_systems": "The affected product is Sage DPW. Versions released before 2021_06_000 exhibit the vulnerable behavior. In newer releases, on\u2011premise administrators can toggle the response behavior. The CPE string indicates an instance of Sage DPW 2025_06_004, which is not automatically vulnerable if the toggle is used, but earlier releases remain at risk.", "description_and_impact": "The vulnerability appears in the login mechanism of Sage DPW. When a username is entered, the system returns distinct responses depending on whether the account exists or not. This difference allows an attacker to confirm the presence or absence of user accounts, effectively enumerating credentials. This type of information disclosure corresponds to CWE\u2011200 (Sensitive Data Exposure) and CWE\u2011203 (Information Exposure through Differences in Error Message Content). The impact is limited to the disclosure of account names, but can be a stepping stone to further attacks such as credential guessing or social engineering.", "risk_and_exploitability": "The CVSS score of 3.7 indicates low severity. The EPSS score is below 1\u202f%, suggesting a low likelihood of exploitation at present. The vulnerability is not listed in CISA\u2019s KEV catalog. Exploitation requires an attacker to interact with the login interface, which is normally exposed over HTTP/HTTPS. Given the lack of a higher\u2011level prerequisite, the attack vector is inferred to be remote. The overall risk is moderate in environments where the older version is still in use and the interface is publicly accessible."}}}}, "created": "2026-04-02T07:51:30.303212+00:00", "updated": "2026-04-08T20:00:02.984279+00:00", "vendors": ["sage", "sage$PRODUCT$dpw"]}