Observable Response Discrepancy

CVE-2025-67807

Medium

4.7/10

Summary

The login mechanism of Sage DPW 2025_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behaviour in newer versions.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-204 - Observable Response Discrepancy

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

References

Advisory Timeline

Published Apr 01, 2026

Observable Response Discrepancy

CVE-2025-67807

Summary

CWE-204 - Observable Response Discrepancy

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS