CVE-2025-11609
BaseFortify
Publication date: 2025-10-11
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fabian | hospital_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-320 | Key Management Errors |
| CWE-321 | The product uses a hard-coded, unchangeable cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in Hospital Management System 1.0, specifically in the `session` function of the express-session component. Manipulating the `secret` argument results in the use of a hard-coded cryptographic key. The flaw can be exploited remotely, but the attack is rated as high complexity and exploitation is considered difficult.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized manipulation of session secrets due to the use of a hard-coded cryptographic key, potentially allowing attackers to interfere with session integrity. Although the impact on confidentiality and availability is not indicated, there is a low impact on integrity. Exploiting this vulnerability requires high complexity and is difficult, but it can be initiated remotely.
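The hard-coded `secret` described above, next to one way to supply it at deploy time instead. This is an added example, not code from the affected project; the `SESSION_SECRETS` variable name, the length policy and the helper names are assumptions.

```javascript
// Added example, not the project's code. SESSION_SECRETS, the thresholds and
// the function names are assumptions made for this illustration.

// Before (the CWE-321 pattern): a literal committed with the source.
//   app.use(session({ secret: 'keyboard cat' }));

const MIN_SECRET_LENGTH = 32; // assumed policy
const MIN_DISTINCT_CHARS = 8; // assumed policy, rejects values like 'aaaa...'

// Parse a comma-separated list of secrets, newest first, and refuse to start
// with anything missing, short, repetitive or duplicated.
function loadSessionSecrets(env) {
  const raw = env.SESSION_SECRETS;
  if (typeof raw !== 'string' || raw.trim() === '') {
    throw new Error('SESSION_SECRETS is not set');
  }
  const secrets = raw.split(',').map((s) => s.trim()).filter((s) => s !== '');
  if (secrets.length === 0) throw new Error('SESSION_SECRETS is empty');
  for (const s of secrets) {
    if (s.length < MIN_SECRET_LENGTH) throw new Error('secret too short');
    if (new Set(s).size < MIN_DISTINCT_CHARS) throw new Error('secret too repetitive');
  }
  if (new Set(secrets).size !== secrets.length) throw new Error('duplicate secret');
  return secrets;
}

// After: options for express-session's session(). Given an array, the first
// entry signs new cookies and the others are only used to verify, so a
// secret can be rotated without invalidating live sessions at once.
function buildSessionOptions(env) {
  return {
    secret: loadSessionSecrets(env),
    resave: false,
    saveUninitialized: false,
    cookie: {
      httpOnly: true,
      sameSite: 'lax',
      secure: env.NODE_ENV === 'production',
    },
  };
}

// Usage: app.use(session(buildSessionOptions(process.env)));
```

Failing at startup when the variable is absent keeps a deployment from silently falling back to a value that ships with the code.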