CVE-2025-67806

LOW CVSS 3.7 View on NVD ↗

Description

The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behavior in newer versions.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

References

https://pastebin.com/Tk4LgMG2
https://www.sagedpw.at/

Published: Apr 01, 2026 16:23 UTC Modified: Apr 01, 2026 16:23 UTC