CVE-2025-54551

Summary

Synapse Mobility 8.0, 8.0.1, 8.0.2, 8.1, and 8.1.1 contain a privilege escalation vulnerability through external control of Web parameter. If exploited, a user of the product may escalate the privilege and access data that the user do not have permission to view by altering the parameters of the search function.

Affected Software

VendorProductVersion RangeStatus
FUJIFILM Healthcare Americas CorporationSynapse Mobility8.0affected
FUJIFILM Healthcare Americas CorporationSynapse Mobility8.0.1affected
FUJIFILM Healthcare Americas CorporationSynapse Mobility8.0.2affected
FUJIFILM Healthcare Americas CorporationSynapse Mobility8.1affected
FUJIFILM Healthcare Americas CorporationSynapse Mobilityand 8.1.1affected

Weaknesses

  • CWE-472: External control of assumed-Immutable web parameter

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References