PT-2025-23549 · Unknown · Clinical Collaboration Platform
Published
2025-06-02
·
Updated
2025-06-13
·
CVE-2025-27955
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Clinical Collaboration Platform version 12.2.1.5
Description
The issue is related to a weak logout system in the Clinical Collaboration Platform, where the session token remains valid after a user logs out. This allows a remote attacker to obtain sensitive information and execute arbitrary code.
Recommendations
For Clinical Collaboration Platform version 12.2.1.5, consider implementing a proper session token invalidation mechanism after logout to prevent unauthorized access. As a temporary workaround, restrict access to sensitive information and limit the execution of arbitrary code until a proper fix is applied.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Clinical Collaboration Platform