CVE-2025-11609

Published: Oct 11, 2025Modified: Apr 29, 2026

2.9

Vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A flaw has been found in code-projects Hospital Management System 1.0. Affected is the function session of the component express-session. This manipulation of the argument secret with the input secret causes use of hard-coded cryptographic key . The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is told to be difficult. The exploit has been published and may be used.

Affected (1)

Products: Fabian: Hospital Management System

1 product

Hospital Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fabian Hospital Management System	Version 1.0

Related CWEs

Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

References (6)

https://code-projects.org/

Source: cna@vuldb.com

Product

https://github.com/lakshayyverma/CVE-Discovery/blob/main/Hospital%20Management%20System.md

Source: cna@vuldb.com

ExploitMitigationThird Party Advisory

https://vuldb.com/?ctiid.327932

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.327932

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.672589

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://github.com/lakshayyverma/CVE-Discovery/blob/main/Hospital%20Management%20System.md

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitMitigationThird Party Advisory

Timeline

No history available yet.