CVE-2025-4377— Path traversal vulnerability in Sparx Pro Cloud Server WebEA webconfig in logview.php
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-4377
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Path traversal vulnerability in Sparx Pro Cloud Server WebEA webconfig in logview.php
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper Limitation of a Pathname caused a Path Traversal vulnerability in Sparx Systems Pro Cloud Server. This vulnerability is present in logview.php and it allows reading arbitrary files on the filesystem. Logview is accessible on Pro Cloud Server Configuration interface. This issue affects Pro Cloud Server: earlier than 6.0.165.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Sparx Systems Pro Cloud Server 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Sparx Systems Pro Cloud Server是澳大利亚Sparx Systems公司的一个企业级模型协作平台,支持EA(Enterprise Architect)模型的云端共享与版本控制。 Sparx Systems Pro Cloud Server 6.0.165之前版本存在安全漏洞,该漏洞源于logview.php路径限制不当,可能导致路径遍历攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Sparx Systems | Pro Cloud Server | 0 ~ 6.0.163 | - |
II. Public POCs for CVE-2025-4377
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-4377
请登录查看更多情报信息。
Same Patch Batch · Sparx Systems · 2025-05-09 · 3 CVEs total
| CVE-2025-4376 | Cross-Site Scripting vulnerability in Model Search in Pro Cloud Server's WebEA | |
| CVE-2025-4375 | Cross-Site Request Forgery vulnerability in Pro Cloud Server's WebEA |
IV. Related Vulnerabilities
Same weakness: CWE-22
- CVE-2026-8274
npitre cramfs-tools Directory cramfsck.c do_directory path t - CVE-2022-50956
WordPress Plugin amministrazione-aperta 3.7.3 Local File Rea - CVE-2026-8215
Industrial Application Software IAS Canias ERP RMI iasReques - CVE-2026-42605
AzuraCast: Path Traversal in `currentDirectory` Parameter En - CVE-2026-42574
apko dirFS has a symlink-following path traversal that allow
V. Comments for CVE-2025-4377
No comments yet