CVE-2025-35031

Medical Informatics Engineering Enterprise Health includes session token in debug output

CVSS 4.6 MEDIUM | EPSS 0.1% | CWE-1295
In short

Enterprise Health accidentally includes your session token in debug messages. If an attacker tricks you into sharing this debug output, they can pretend to be you and access your account.

Technical detail

This is a CWE-1295 (Sensitive Information in Debug Output) vulnerability in which session tokens are exposed in debug logs. An attacker can take over an account by socially engineering a user into disclosing debug output and then using the leaked token for unauthorized authentication. Fixed in versions released after 2025-04-08.

Summary generated and translated by AI from the official description.
Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
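The flaw class described above, shown beside a hardened form, as an added example: this is not Enterprise Health code (the advisory does not describe the implementation), and every name, field and token value here is a constructed assumption. It shows why redacting by key name alone is not enough and the live token value must also be scrubbed wherever it appears.

```python
import re

# Key names treated as secret-bearing (an assumed, illustrative list).
SENSITIVE_KEY = re.compile(r"session|token|cookie|authorization|secret|passw", re.I)
REDACTED = "[REDACTED]"

def flatten(obj, prefix=""):
    """Yield (dotted_key, value) pairs from nested dicts and lists."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from flatten(v, f"{prefix}.{k}" if prefix else str(k))
    elif isinstance(obj, (list, tuple)):
        for i, v in enumerate(obj):
            yield from flatten(v, f"{prefix}[{i}]")
    else:
        yield prefix, obj

def debug_report_vulnerable(ctx):
    """The flaw class: every field is dumped, session token included."""
    return "\n".join(f"{k}: {v}" for k, v in flatten(ctx))

def debug_report_redacted(ctx, live_secrets):
    """Redact by key name, then scrub known live secret values anywhere."""
    lines = []
    for key, value in flatten(ctx):
        leaf = key.rsplit(".", 1)[-1]
        text = REDACTED if SENSITIVE_KEY.search(leaf) else str(value)
        for secret in live_secrets:
            if secret:  # an empty string would match everywhere
                text = text.replace(secret, REDACTED)
        lines.append(f"{key}: {text}")
    return "\n".join(lines)

# Constructed sample request context; the token value is made up.
TOKEN = "c0ffee1234deadbeef5678"
SAMPLE_CTX = {
    "user": "jdoe",
    "headers": {"Cookie": f"sid={TOKEN}", "User-Agent": "ExampleBrowser/1.0"},
    "referer": f"https://ehr.example/chart?sid={TOKEN}",
    "session": {"id": TOKEN, "roles": ["nurse"]},
}

if __name__ == "__main__":
    print(debug_report_redacted(SAMPLE_CTX, [TOKEN]))
```

Passing an empty `live_secrets` list leaves the token visible under `referer` and `session.id`, which is the gap the value scrub closes.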
