CVE-2025-4596

MEDIUM

Asseco ADMX <6.09.01.62 - Info Disclosure

Title source: llm

Description

Asseco ADMX system is used for processing medical records. It allows logged in users to access medical files belonging to other users through manipulation of GET arguments containing document IDs. This issue has been fixed in 6.09.01.62 version of ADMX.

References (1)

Core 1

Core References

Various Sources

https://cert.pl/en/posts/2026/01/CVE-2025-4596

Scores

CVSS v4 5.3

EPSS 0.0002

EPSS Percentile 5.2%

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-639

Status published

Products (1)

Asseco/AMDX < 6.09.01.62

Published Jan 08, 2026

Tracked Since Feb 18, 2026