CVE-2025-27955
MEDIUMDescription
Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| philips | clinical_collaboration_platform |
References
Frequently Asked Questions
What is CVE-2025-27955? +
How severe is CVE-2025-27955? +
What products are affected by CVE-2025-27955? +
How do I check if I'm vulnerable to CVE-2025-27955? +
Related Vulnerabilities
Insecure permissions in volcano v1.8.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.
In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) …
Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative …
An information disclosure vulnerability exists in multiple WSO2 products due to improper implementation of the enrich mediator. Authenticated users may …
In Gatling Enterprise versions below 1.25.0, a user logging-out can still use his session token to continue using the application …
A security flaw in the '_transfer' function of a smart contract implementation for Money Making Opportunity (MMO), an Ethereum ERC721 …