CVE-2025-35031
LOWDescription
Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| mieweb | enterprise_health |
| mieweb | enterprise_health |
| mieweb | enterprise_health |
References
Frequently Asked Questions
What is CVE-2025-35031? +
How severe is CVE-2025-35031? +
What products are affected by CVE-2025-35031? +
How do I check if I'm vulnerable to CVE-2025-35031? +
Related Vulnerabilities
Backpropagate is a Python library for fine-tuning large language models on a single GPU. In versions 1.1.0 and 1.1.1, the …
This vulnerability exists in Meon KYC solutions due to debug mode is enabled in certain API endpoints. A remote attacker …
ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This …
Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit gtm-kit allows Retrieve Embedded Sensitive Data.This issue affects GTM …
C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the …
Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows …