CVE-2025-35032
3.4
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N
Summary
Medical Informatics Engineering Enterprise Health allows authenticated users to upload arbitrary files. The impact of this behavior depends on how files are accessed. This issue is fixed as of 2025-04-08.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Medical Informatics Engineering | Enterprise Health | 0 < 2025-04-08 | affected |
| Medical Informatics Engineering | Enterprise Health | 2025-04-08 | unaffected |
Weaknesses
- CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-272-01.json
- https://www.cve.org/CVERecord?id=CVE-2025-35032
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.