Medical Informatics Engineering Enterprise Health arbitrary file upload_CVE-2025-35032

3.4 / 10

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N

Description

Medical Informatics Engineering Enterprise Health allows authenticated users to upload arbitrary files. The impact of this behavior depends on how files are accessed. This issue is fixed as of 2025-04-08.

Basic Information

ID CVE-2025-35032

Source cisa-cg

Published Sep 29, 2025 at 20:01

Affected Product

Vendor Medical Informatics Engineering

Product Enterprise Health

Affected Versions Medical Informatics Engineering Enterprise Health 0

CWE Classification

CWE-434

References

{
    "lastseen": "",
    "description": "Medical Informatics Engineering Enterprise Health allows authenticated users to upload arbitrary files. The impact of this behavior depends on how files are accessed. This issue is fixed as of 2025-04-08.",
    "published": "2025-09-29T20:01:09.311Z",
    "modified": "2025-09-29T20:01:09.311Z",
    "type": "cve",
    "title": "Medical Informatics Engineering Enterprise Health arbitrary file upload",
    "source": "cisa-cg",
    "references": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-272-01.json\nhttps://www.cve.org/CVERecord?id=CVE-2025-35032",
    "id": "CVE-2025-35032",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "Medical Informatics Engineering Enterprise Health 0",
    "sourceHref": "",
    "cvss": {
        "score": 3.4,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Enterprise Health",
    "version": "0",
    "vendor": "Medical Informatics Engineering",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}