9.9
CVE-2025-35032
- EPSS 0.24%
- Veröffentlicht 29.09.2025 20:15:32
- Zuletzt bearbeitet 02.01.2026 20:31:06
- Quelle 9119a7d8-5eab-497f-8521-727c67
- CVE-Watchlists
- Unerledigt
LoginMedical Informatics Engineering Enterprise Health arbitrary file upload
Medical Informatics Engineering Enterprise Health allows authenticated users to upload arbitrary files. The impact of this behavior depends on how files are accessed. This issue is fixed as of 2025-04-08.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mieweb ≫ Enterprise Health Versionrc202303
Mieweb ≫ Enterprise Health Versionrc202309
Mieweb ≫ Enterprise Health Versionrc202403
Mieweb ≫ Enterprise Health Versionrc202409
Mieweb ≫ Enterprise Health Versionrc202503
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.145 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.9 | 3.1 | 6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
| 9119a7d8-5eab-497f-8521-727c672e3725 | 6.2 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| 9119a7d8-5eab-497f-8521-727c672e3725 | 3.4 | 1.7 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-272-01.json
https://www.cve.org/CVERecord?id=CVE-2025-35032