{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-67806", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-01T15:53:44.181Z", "dateReserved": "2025-12-12T00:00:00.000Z", "datePublished": "2026-04-01T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-01T15:08:01.285Z"}, "descriptions": [{"lang": "en", "value": "The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behavior in newer versions."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.sagedpw.at/"}, {"url": "https://pastebin.com/Tk4LgMG2"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AC:H/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T15:53:32.091378Z", "id": "CVE-2025-67806", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T15:53:44.181Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-67806", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-01T15:53:44.181Z", "dateReserved": "2025-12-12T00:00:00.000Z", "datePublished": "2026-04-01T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-01T15:08:01.285Z"}, "descriptions": [{"lang": "en", "value": "The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behavior in newer versions."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.sagedpw.at/"}, {"url": "https://pastebin.com/Tk4LgMG2"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AC:H/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-67806", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-01T15:53:32.091378Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T15:53:38.923Z"}}]}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sagedpw:sage_dpw:2025_06_004:*:*:*:*:*:*:*", "matchCriteriaId": "633B447B-E044-4548-9D21-E82129683125", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behavior in newer versions."}], "id": "CVE-2025-67806", "lastModified": "2026-04-07T19:37:26.290", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-01T16:23:48.323", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://pastebin.com/Tk4LgMG2"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.sagedpw.at/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2021_06_000)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "dpw", "vendor": "sage"}], "analysis": {"en": {"generated_at": "2026-04-08T21:29:55.463140+00:00", "value": {"mitigation_remediation": ["Upgrade to Sage DPW 2021_06_004 or a newer release if currently on a vulnerable version.", "Log into the Sage DPW administrative console and disable the distinct username response setting to eliminate account enumeration.", "Verify the mitigation by attempting a login with a non\u2011existent username and confirming the response matches that of valid accounts.", "Consult Sage DPW documentation or support for detailed configuration guidance."], "summary": {"action": "Patch", "impact": "User enumeration via login responses"}, "threat_synthesis": {"affected_systems": "Sage DPW installations running the 2021_06_004 build or earlier \u2013 specifically versions predating 2021_06_000 \u2013 are impacted. The vulnerability is identified in the Sage DPW product as published under the CPE 2025_06_004. On\u2011premise administrators have the ability to toggle the enumeration behavior in newer releases, but before version\u00a02021_06_000 the feature cannot be disabled, leaving all such deployments susceptible.", "description_and_impact": "The vulnerability arises when the Sage DPW login page returns different responses for valid versus invalid usernames. This subtle difference enables an attacker to test whether a given account exists, providing an information disclosure path that does not grant direct control but reveals user enumeration. The weakness aligns with CWE\u2011203, which concerns unintended information leaks through varying output. An enumerated list of users can be used for social engineering, credential guessing, or targeted attacks on privileged accounts, thus compromising confidentiality of account existence.", "risk_and_exploitability": "The CVSS score of 3.7 places the issue in the low\u2011severity range, and the EPSS score of less than 1% indicates a very low probability of exploitation as of the current data. It is not listed in CISA\u2019s KEV catalog. While the exploit requires only access to the web\u2011based login interface \u2013 a route likely available to anyone who can reach the Sage DPW instance \u2013 the impact is limited to account enumeration. Consequently the overall risk is modest, yet the vulnerability remains actionable for security teams that need to protect user information."}}}}, "created": "2026-04-02T07:51:30.303212+00:00", "title": "Account Enumeration via Username Disclosure in Sage DPW", "updated": "2026-04-09T08:29:25.718929+00:00", "vendors": ["sage", "sage$PRODUCT$dpw"]}