Asseco · Asseco Admx · CVE-2025-4596
**Name of the Vulnerable Software and Affected Versions**
Asseco ADMX versions prior to 6.09.01.62
**Description**
The Asseco ADMX system, used for processing medical records, allows authenticated users to access medical files belonging to other users. This is achieved by manipulating GET arguments containing document IDs, leading to an information disclosure issue. The system is vulnerable to an Insecure Direct Object Reference (IDOR) condition.
**Recommendations**
Update to version 6.09.01.62 or later.