CVE-2025-8307

MEDIUM

Asseco InfoMedica - Code Injection

Title source: llm

Description

Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using an algorithm embedded in the client-side part of the software. This vulnerability has been fixed in versions 4.50.1 and 5.38.0

References (1)

[Various Sources] https://cert.pl/en/posts/2026/01/CVE-2025-8306/

Scores

CVSS v4 5.9

EPSS 0.0002

EPSS Percentile 5.8%

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-257

Status published

Products (2)

Asseco/InfoMedica Plus 4.0.0 - 4.50.1

Asseco/InfoMedica Plus 5.0.0 - 5.38.0

Published Jan 08, 2026

Tracked Since Feb 18, 2026