CVE-2025-1575

Published Feb 23, 2025

Last updated a month ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-1575 is a vulnerability found in Harpia DiagSystem version 12. The vulnerability exists due to improper control of resource identifiers in an unspecified function within the file `/diagsystem/PACS/atualatendimento_jpeg.php`. Specifically, manipulation of the `cod/codexame` argument can be exploited to trigger the vulnerability. The attack can be launched remotely. This vulnerability was publicly disclosed and an exploit may be available. Attempts to contact the vendor regarding this issue have reportedly gone unanswered.

Description
A vulnerability classified as problematic has been found in Harpia DiagSystem 12. Affected is an unknown function of the file /diagsystem/PACS/atualatendimento_jpeg.php. The manipulation of the argument cod/codexame leads to improper control of resource identifiers. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Source
cna@vuldb.com
NVD status
Received

Risk scores

CVSS 4.0

Type
Secondary
Base score
5.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

CVSS 3.1

Type
Primary
Base score
4.3
Impact score
1.4
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity
MEDIUM

CVSS 2.0

Type
Secondary
Base score
4
Impact score
2.9
Exploitability score
8
Vector string
AV:N/AC:L/Au:S/C:P/I:N/A:N

Weaknesses

cna@vuldb.com
CWE-99

Social media

Hype score
Not currently trending