CVE-2025-8857

Summary

Clinic Image System developed by Changing contains hard-coded Credentials, allowing unauthenticated remote attackers to log into the system using administrator credentials embedded in the source code.

Affected Software

VendorProductVersion RangeStatus
ChangingClinic Image System0 <= 2.4.23.2131affected
ChangingClinic Image System1.5.*unaffected
ChangingClinic Image System2.0.*unaffected

Weaknesses

  • CWE-798: CWE-798 Use of Hard-coded Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References