CVE-2025-35030

Published: Sep 29, 2025Modified: Jan 2, 2026

8.6

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: 9119a7d8-5eab-497f-8521-727c672e3725 (Secondary)

Description

Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows an unauthenticated attacker to trick administrative users into clicking a crafted URL and perform actions on behalf of that administrative user. This issue is fixed as of 2025-04-08.

Affected (5)

Products: Mieweb: Enterprise Health

Mieweb

1 product

Enterprise Health

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Mieweb Enterprise Health	Version rc202303
Mieweb Enterprise Health	Version rc202309
Mieweb Enterprise Health	Version rc202403
Mieweb Enterprise Health	Version rc202409
Mieweb Enterprise Health	Version rc202503

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-272-01.json

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Third Party Advisory

https://www.cve.org/CVERecord?id=CVE-2025-35030

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Third Party Advisory

Timeline

No history available yet.