Improper Access Control in Asseco Infomedica Plus_CVE-2025-8306

5.1 / 10

MEDIUM

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. A low privileged user is able to obtain encoded passwords of all other accounts (including main administrator) due to lack of granularity in access control.
Chained exploitation of this vulnerability and CVE-2025-8307 allows an attacker to escalate privileges. This vulnerability has been fixed in versions 4.50.1 and 5.38.0

Basic Information

ID CVE-2025-8306

Source CERT-PL

Published Jan 8, 2026 at 13:43

Affected Product

Vendor Asseco

Product InfoMedica Plus

Version 5.0.0

Affected Versions Asseco InfoMedica Plus 5.0.0
Asseco InfoMedica Plus 4.0.0

CWE Classification

CWE-1220

References

cert.pl /en/posts/2026/01/CVE-2025-8306/

{
    "lastseen": "",
    "description": "Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. A low privileged user is able to obtain encoded passwords of all other accounts (including main administrator) due to lack of granularity in access control.\u00a0\nChained exploitation of this vulnerability and\u00a0CVE-2025-8307 allows an attacker to escalate privileges.\u00a0This vulnerability has been fixed in versions 4.50.1 and 5.38.0",
    "published": "2026-01-08T13:43:33.570Z",
    "modified": "2026-01-08T13:43:33.570Z",
    "type": "cve",
    "title": "Improper Access Control in Asseco Infomedica Plus",
    "source": "CERT-PL",
    "references": "https://cert.pl/en/posts/2026/01/CVE-2025-8306/",
    "id": "CVE-2025-8306",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1220"
    ],
    "cvelist": null,
    "sourceData": "Asseco InfoMedica Plus 5.0.0\nAsseco InfoMedica Plus 4.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "InfoMedica Plus",
    "version": "5.0.0",
    "vendor": "Asseco",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}