CVE-2025-35030

Summary

Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows an unauthenticated attacker to trick administrative users into clicking a crafted URL and perform actions on behalf of that administrative user. This issue is fixed as of 2025-04-08.

Affected Software

VendorProductVersion RangeStatus
Medical Informatics EngineeringEnterprise HealthRC202503 < RC202503 2025-04-08affected
Medical Informatics EngineeringEnterprise HealthRC202409 < RC202409 2025-04-08affected
Medical Informatics EngineeringEnterprise HealthRC202403 < RC202403 2025-04-08affected
Medical Informatics EngineeringEnterprise HealthRC202309 < RC202309 2025-04-08affected
Medical Informatics EngineeringEnterprise HealthRC202303 < RC202303 2025-04-08affected
Medical Informatics EngineeringEnterprise HealthRC202503 2025-04-08unaffected
Medical Informatics EngineeringEnterprise HealthRC202409 2025-04-08unaffected
Medical Informatics EngineeringEnterprise HealthRC202403 2025-04-08unaffected
Medical Informatics EngineeringEnterprise HealthRC202309 2025-04-08unaffected
Medical Informatics EngineeringEnterprise HealthRC202303 2025-04-08unaffected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References