CVE-2025-67805 Overview
A non-default configuration vulnerability exists in Sage DPW version 2025_06_004 that allows unauthenticated access to diagnostic endpoints within the Database Monitor feature. When this feature is enabled, attackers can remotely access sensitive information including password hashes and database table names without any authentication credentials.
Critical Impact
Unauthenticated attackers can access sensitive diagnostic endpoints to extract password hashes and database schema information, potentially enabling credential attacks and further system compromise.
Affected Products
- Sage DPW version 2025_06_004 (when Database Monitor feature is manually enabled)
- Sage DPW versions prior to 2025_06_003 (when Database Monitor feature is manually enabled)
Discovery Timeline
- 2026-04-01 - CVE CVE-2025-67805 published to NVD
- 2026-04-01 - Last updated in NVD database
Technical Details for CVE-2025-67805
Vulnerability Analysis
This information disclosure vulnerability stems from an insecure default configuration issue in Sage DPW's Database Monitor feature. When administrators manually enable this non-default diagnostic functionality, the application exposes sensitive endpoints without requiring authentication. These endpoints reveal critical internal data including password hashes and database table names.
It is important to note that the Database Monitor feature is disabled by default in all on-premises installations and is never available in Sage DPW Cloud deployments. The vendor has forcibly disabled this feature again in version 2025_06_003, preventing the vulnerability from being exploited even if administrators attempt to enable it.
The exposure of password hashes presents a significant risk as attackers could potentially perform offline cracking attacks to recover plaintext credentials. Additionally, knowledge of database table names could facilitate further attacks such as SQL injection by providing attackers with schema information.
Root Cause
The root cause of this vulnerability is improper access control on diagnostic endpoints within the Database Monitor feature. When enabled, the feature does not implement authentication checks before serving sensitive diagnostic information, allowing any network-accessible attacker to query these endpoints and retrieve confidential data.
Attack Vector
The attack vector is network-based and requires no authentication or user interaction. An attacker with network access to a vulnerable Sage DPW instance where the Database Monitor feature has been manually enabled can directly query the diagnostic endpoints to extract sensitive information including password hashes and database table names.
The attack complexity is considered high because the vulnerable feature is disabled by default and requires administrator action to enable. Organizations running the default configuration or using Sage DPW Cloud are not affected by this vulnerability.
Detection Methods for CVE-2025-67805
Indicators of Compromise
- Unexpected HTTP requests to Database Monitor diagnostic endpoints from external or unauthorized IP addresses
- Anomalous access patterns to diagnostic or monitoring endpoints during non-maintenance windows
- Evidence of bulk data extraction or enumeration attempts against Sage DPW application endpoints
Detection Strategies
- Monitor web server access logs for requests to diagnostic endpoint paths associated with the Database Monitor feature
- Implement network intrusion detection rules to alert on unauthenticated access attempts to sensitive application endpoints
- Review application configuration regularly to ensure the Database Monitor feature remains disabled
Monitoring Recommendations
- Deploy web application firewall (WAF) rules to block access to diagnostic endpoints from untrusted networks
- Configure alerting for any configuration changes that enable the Database Monitor feature
- Establish baseline network traffic patterns and alert on anomalous connections to the Sage DPW application
How to Mitigate CVE-2025-67805
Immediate Actions Required
- Verify that the Database Monitor feature is disabled in all Sage DPW installations
- Upgrade to Sage DPW version 2025_06_003 or later where the feature has been forcibly disabled
- Review access logs for any evidence of exploitation prior to patching
- Implement network segmentation to restrict access to Sage DPW management interfaces
Patch Information
Sage has addressed this vulnerability by forcibly disabling the Database Monitor feature in version 2025_06_003 and later releases. Organizations should upgrade to the latest available version to ensure protection. For additional information, refer to the SageDPW Security Resource.
Workarounds
- Disable the Database Monitor feature in application configuration if running a vulnerable version
- Implement network-level access controls to restrict access to the Sage DPW application from trusted networks only
- Consider migrating to Sage DPW Cloud where this feature is not available
- Deploy a reverse proxy or WAF to filter requests to diagnostic endpoints
# Configuration example
# Verify Database Monitor is disabled in Sage DPW configuration
# Check application settings and ensure diagnostic endpoints are not accessible
# Restrict network access to trusted IP ranges only
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
