CVE-2025-35031 LOW

CVE-2025-35031: Medical Informatics Engineering Enterprise Health includes session token in debug output

Vendor Medical Informatics Engineering
Product Enterprise Health
Weakness CWE-1295
Published September 29, 2025
Last update September 30, 2025

CVSS base score

3.3/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08.

Key dates

02Disclosure timeline

September 29, 2025 CVE published
September 30, 2025 Record updated