Medical Informatics Engineering Enterprise Health CSV injection_CVE-2025-35033

6.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H

Description

Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. This issue is fixed as of 2025-03-14.

Basic Information

ID CVE-2025-35033

Source cisa-cg

Published Sep 29, 2025 at 20:01

Affected Product

Vendor Medical Informatics Engineering

Product Enterprise Health

Version RC202503

Affected Versions Medical Informatics Engineering Enterprise Health RC202503
Medical Informatics Engineering Enterprise Health RC202409
Medical Informatics Engineering Enterprise Health RC202403
Medical Informatics Engineering Enterprise Health RC202309
Medical Informatics Engineering Enterprise Health RC202303

CWE Classification

CWE-1236

References

{
    "lastseen": "",
    "description": "Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. This issue is fixed as of 2025-03-14.",
    "published": "2025-09-29T20:01:38.144Z",
    "modified": "2025-09-29T20:01:38.144Z",
    "type": "cve",
    "title": "Medical Informatics Engineering Enterprise Health CSV injection",
    "source": "cisa-cg",
    "references": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-272-01.json\nhttps://www.cve.org/CVERecord?id=CVE-2025-35033",
    "id": "CVE-2025-35033",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1236"
    ],
    "cvelist": null,
    "sourceData": "Medical Informatics Engineering Enterprise Health RC202503\nMedical Informatics Engineering Enterprise Health RC202409\nMedical Informatics Engineering Enterprise Health RC202403\nMedical Informatics Engineering Enterprise Health RC202309\nMedical Informatics Engineering Enterprise Health RC202303",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Enterprise Health",
    "version": "RC202503",
    "vendor": "Medical Informatics Engineering",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}