Description
Medical Informatics Engineering Enterprise Health allows authenticated users to upload arbitrary files. The impact of this behavior depends on how files are accessed. This issue is fixed as of 2025-04-08.
References (2)
Core 2
Core References
Third Party Advisory
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-272-01.json
Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2025-35032
Scores
CVSS v3
3.4
EPSS
0.0003
EPSS Percentile
9.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-434
Status
published
Products (5)
mieweb/enterprise_health
rc202303
mieweb/enterprise_health
rc202309
mieweb/enterprise_health
rc202403
mieweb/enterprise_health
rc202409
mieweb/enterprise_health
rc202503
Published
Sep 29, 2025
Tracked Since
Feb 18, 2026