PT-2025-17676 · Nih · Nih Brics
Chandler Rose · Published 2025-04-23 · Updated 2025-04-29
CVE-2025-27580
| CVSS v3.1 | 7.5 (High) |
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
NIH BRICS (aka Biomedical Research Informatics Computing System) versions 14.0.0 through 14.0.0-67
Description
The issue allows unauthenticated users with a Common Access Card (CAC) to escalate privileges and compromise any account, including administrators, due to the generation of predictable tokens. These tokens depend only on the username, the time, and a fixed string, so anyone who knows a victim's username and the approximate time of issue can regenerate a valid token without any secret.
Recommendations
For versions 14.0.0 through 14.0.0-67, restrict access to the CAC login and token-handling parts of the system to trusted networks and users until a patch is available, since the tokens are derived from public inputs and the only remaining control is who can reach the endpoints that accept them.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
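The following is an added example, not NIH BRICS code and not the actual token algorithm, which is not published here. It assumes a token of the shape described above (a hash over username, time and a fixed string) to show why such a token can be regenerated by an attacker who knows only the victim's username and a rough issue time, and it places two standard fixes next to it: an opaque random token stored server-side, and a keyed HMAC token bound to the username with an expiry. The constant `FIXED_STRING`, the mock server functions and the timestamps are all constructed for the illustration.

```python
"""Added example (not NIH BRICS code): a token derived only from
username, time and a fixed string, versus a keyed or random replacement."""
import hashlib
import hmac
import secrets

# Hypothetical stand-in for the "fixed string"; the real constant is not public here.
FIXED_STRING = "brics-token-v1"


def predictable_token(username: str, ts: int) -> str:
    """Weak scheme (assumed shape): SHA-256 over inputs an attacker can know."""
    return hashlib.sha256(f"{username}|{ts}|{FIXED_STRING}".encode()).hexdigest()


def candidate_tokens(username: str, approx_ts: int, window: int = 300) -> list[str]:
    """Attacker side: enumerate every token the weak scheme could have issued
    within +/- window seconds of the guessed issue time. No secret is needed,
    so a valid token for any victim account can be regenerated offline."""
    return [predictable_token(username, t)
            for t in range(approx_ts - window, approx_ts + window + 1)]


def weak_server_accepts(username: str, token: str, issued_ts: int) -> bool:
    """Mock of a server validating the weak token by recomputing it."""
    return hmac.compare_digest(predictable_token(username, issued_ts), token)


def attacker_hits(username: str, issued_ts: int, approx_ts: int, window: int = 300) -> bool:
    """True if any attacker-generated candidate is accepted for the victim."""
    return any(weak_server_accepts(username, c, issued_ts)
               for c in candidate_tokens(username, approx_ts, window))


def issue_opaque_token() -> str:
    """Fix 1: 256-bit random token stored server-side; nothing to predict."""
    return secrets.token_urlsafe(32)


def keyed_token(secret_key: bytes, username: str, ts: int) -> str:
    """Fix 2: stateless token bound to username and time under a server secret."""
    mac = hmac.new(secret_key, f"{username}|{ts}".encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{mac}"


def verify_keyed_token(secret_key: bytes, username: str, token: str,
                       now: int, ttl: int = 900) -> bool:
    """Reject malformed, stale, future-dated, or wrong-user tokens in constant time."""
    try:
        ts_s, mac = token.split(".", 1)
        ts = int(ts_s)
    except ValueError:
        return False
    if not ts <= now <= ts + ttl:
        return False
    expected = hmac.new(secret_key, f"{username}|{ts}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)


def attacker_hits_keyed(secret_key: bytes, username: str, issued_ts: int,
                        approx_ts: int, window: int = 300) -> bool:
    """Same enumeration against the keyed scheme. The attacker knows the
    username and approximate time but not secret_key, so every forgery fails."""
    attacker_key = FIXED_STRING.encode()  # the only "secret" the weak scheme relied on
    for t in range(approx_ts - window, approx_ts + window + 1):
        forged = keyed_token(attacker_key, username, t)
        if verify_keyed_token(secret_key, username, forged, issued_ts + 60):
            return True
    return False


if __name__ == "__main__":
    ts = 1745000000                      # constructed issue time
    key = secrets.token_bytes(32)        # server secret for the keyed scheme
    print("weak scheme forged:", attacker_hits("admin", ts, ts + 42))
    print("keyed scheme forged:", attacker_hits_keyed(key, "admin", ts, ts + 42))
```

The search window is the whole cost of the attack on the weak scheme: a few hundred SHA-256 calls per victim, done offline, and the attacker never needs to see a legitimate token first. Either fix removes that property, but the keyed variant still needs the server secret to be generated randomly and kept out of client-visible code, and the expiry check is what stops a token captured later from being replayed.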
Exploit
LPE
Affected Products
Nih Brics