Information disclosure via IDOR in Asseco AMDX_CVE-2025-4596

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Asseco ADMX system is used for processing medical records. It allows logged in users to access medical files belonging to other users through manipulation of GET arguments containing document IDs.
This issue has been fixed in 6.09.01.62 version of ADMX.

Basic Information

ID CVE-2025-4596

Source CERT-PL

Published Jan 8, 2026 at 14:58

Modified Jan 8, 2026 at 15:36

Affected Product

Vendor Asseco

Product AMDX

Affected Versions Asseco AMDX 0

CWE Classification

CWE-639

References

cert.pl /en/posts/2026/01/CVE-2025-4596

{
    "lastseen": "",
    "description": "Asseco ADMX system is used for processing medical records. It allows logged in users to access medical files belonging to other users through manipulation of GET arguments containing document IDs.\nThis issue has been fixed in 6.09.01.62 version of ADMX.",
    "published": "2026-01-08T14:58:23.907Z",
    "modified": "2026-01-08T15:36:32.702Z",
    "type": "cve",
    "title": "Information disclosure via IDOR in Asseco AMDX",
    "source": "CERT-PL",
    "references": "https://cert.pl/en/posts/2026/01/CVE-2025-4596",
    "id": "CVE-2025-4596",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "Asseco AMDX 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AMDX",
    "version": "0",
    "vendor": "Asseco",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}