CVE-2025-11609
LOWCode-projects Hospital Management System 1.0 - Code Injection
Title source: llmDescription
A flaw has been found in code-projects Hospital Management System 1.0. Affected is the function session of the component express-session. This manipulation of the argument secret with the input secret causes use of hard-coded cryptographic key . The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is told to be difficult. The exploit has been published and may be used.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.327932
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.327932
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.672589
Exploit, Mitigation, Third Party Advisory exploit
https://github.com/lakshayyverma/CVE-Discovery/blob/main/Hospital%20Management%20System.md
Product product
https://code-projects.org/
Scores
CVSS v3
3.7
EPSS
0.0047
EPSS Percentile
36.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-320
CWE-321
Status
published
Products (1)
fabian/hospital_management_system
1.0
Published
Oct 11, 2025
Tracked Since
Feb 18, 2026