CVE-2025-35032 LOW

CVE-2025-35032: Medical Informatics Engineering Enterprise Health arbitrary file upload

Vendor Medical Informatics Engineering
Product Enterprise Health
Weakness CWE-434 · Unrestricted file upload
Published September 29, 2025
Last update September 30, 2025

CVSS base score

3.4/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

Medical Informatics Engineering Enterprise Health allows authenticated users to upload arbitrary files. The impact of this behavior depends on how files are accessed. This issue is fixed as of 2025-04-08.

Key dates

02Disclosure timeline

September 29, 2025 CVE published
September 30, 2025 Record updated