CVE 8.1 HIGH

Medical Informatics Engineering Enterprise Health cross site request forgery_CVE-2025-35030

September 29, 2025 invoker category_cve
8.1 / 10
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Description

Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows an unauthenticated attacker to trick administrative users into clicking a crafted URL and perform actions on behalf of that administrative user. This issue is fixed as of 2025-04-08.

Basic Information

ID CVE-2025-35030
Source cisa-cg
Published Sep 29, 2025 at 20:00

Affected Product

Vendor Medical Informatics Engineering
Product Enterprise Health
Version RC202503
Affected Versions Medical Informatics Engineering Enterprise Health RC202503
Medical Informatics Engineering Enterprise Health RC202409
Medical Informatics Engineering Enterprise Health RC202403
Medical Informatics Engineering Enterprise Health RC202309
Medical Informatics Engineering Enterprise Health RC202303

CWE Classification

CWE-352

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.