CVE-2025-35030
BaseFortify
Publication date: 2025-09-29
Last updated on: 2025-10-02
Assigner: Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| medical_informatics_engineering | enterprise_health | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a cross-site request forgery (CSRF) in Medical Informatics Engineering Enterprise Health. It allows an unauthenticated attacker to trick administrative users into clicking a specially crafted URL, which then causes the administrative user to unknowingly perform actions on behalf of the attacker.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized actions being performed with administrative privileges without the administrator's consent. This can compromise the integrity and security of the system, potentially leading to unauthorized changes or access to sensitive information.
What immediate steps should I take to mitigate this vulnerability?
Apply the fix released as of 2025-04-08 for Medical Informatics Engineering Enterprise Health to address the cross-site request forgery vulnerability. Until the patch is applied, users, and administrative users in particular, should avoid clicking on untrusted or suspicious URLs to prevent exploitation.