CVE-2025-35031

Summary

Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08.

Affected Software

VendorProductVersion RangeStatus
Medical Informatics EngineeringEnterprise HealthRC202503 < RC202503 2025-04-08affected
Medical Informatics EngineeringEnterprise HealthRC202409 < RC202409 2025-04-08affected
Medical Informatics EngineeringEnterprise HealthRC202403 < RC202403 2025-04-08affected
Medical Informatics EngineeringEnterprise HealthRC202503 2025-04-08unaffected
Medical Informatics EngineeringEnterprise HealthRC202409 2025-04-08unaffected
Medical Informatics EngineeringEnterprise HealthRC202403 2025-04-08unaffected

Weaknesses

  • CWE-1295: CWE-1295 Debug Messages Revealing Unnecessary Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References