CVE-2025-8306

MEDIUM

Asseco InfoMedica - Info Disclosure

Title source: llm

Description

Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. A low privileged user is able to obtain encoded passwords of all other accounts (including main administrator) due to lack of granularity in access control. Chained exploitation of this vulnerability and CVE-2025-8307 allows an attacker to escalate privileges. This vulnerability has been fixed in versions 4.50.1 and 5.38.0

References (1)

[Various Sources] https://cert.pl/en/posts/2026/01/CVE-2025-8306/

Scores

CVSS v4 5.1

EPSS 0.0003

EPSS Percentile 7.7%

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1220

Status published

Products (2)

Asseco/InfoMedica Plus 4.0.0 - 4.50.1

Asseco/InfoMedica Plus 5.0.0 - 5.38.0

Published Jan 08, 2026

Tracked Since Feb 18, 2026