CVE-2025-35032

Published: Sep 29, 2025Modified: Jan 2, 2026

6.2

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: 9119a7d8-5eab-497f-8521-727c672e3725 (Secondary)

Description

Medical Informatics Engineering Enterprise Health allows authenticated users to upload arbitrary files. The impact of this behavior depends on how files are accessed. This issue is fixed as of 2025-04-08.

Affected (5)

Products: Mieweb: Enterprise Health

Mieweb

1 product

Enterprise Health

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Mieweb Enterprise Health	Version rc202303
Mieweb Enterprise Health	Version rc202309
Mieweb Enterprise Health	Version rc202403
Mieweb Enterprise Health	Version rc202409
Mieweb Enterprise Health	Version rc202503

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-272-01.json

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Third Party Advisory

https://www.cve.org/CVERecord?id=CVE-2025-35032

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Third Party Advisory

Timeline

No history available yet.