PT-2026-1802 · Asseco · Asseco Admx
Wiktor Mróz · Published 2026-01-08 · Updated 2026-01-08 · CVE-2025-4596
CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Asseco ADMX versions prior to 6.09.01.62
Description
The Asseco ADMX system, used for processing medical records, allows authenticated users to access medical files belonging to other users. This is achieved by manipulating GET arguments containing document IDs, leading to an information disclosure issue. The system is vulnerable to an Insecure Direct Object Reference (IDOR) condition.
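The missing control in this class of issue is an object-level authorization check on the document ID taken from the GET arguments. The following is an added illustration and not Asseco ADMX code: it puts a lookup that trusts the ID beside one that ties it to the session user. The URL path, the parameter name `id`, the function names and the sample records are all hypothetical.

```python
# Added illustration; not Asseco ADMX code. All names and data are hypothetical.
from urllib.parse import urlsplit, parse_qs

# Constructed sample store: document ID -> (owner, content)
DOCUMENTS = {
    1001: ("alice", "alice: lab results"),
    1002: ("bob", "bob: discharge summary"),
}


def _doc_id(url):
    """Return the 'id' GET argument as an int, or None if absent, repeated or malformed."""
    values = parse_qs(urlsplit(url).query).get("id", [])
    if len(values) != 1 or not (values[0].isascii() and values[0].isdigit()):
        return None
    return int(values[0])


def get_document_vulnerable(session_user, url):
    """IDOR pattern: the caller is authenticated, but the lookup trusts the ID."""
    if session_user is None:
        return 401, None
    doc = DOCUMENTS.get(_doc_id(url))
    if doc is None:
        return 404, None
    return 200, doc[1]


def get_document_checked(session_user, url):
    """Same lookup with an object-level check against the session identity."""
    if session_user is None:
        return 401, None
    doc = DOCUMENTS.get(_doc_id(url))
    # Missing and not-owned get the same answer, so a response
    # does not reveal which document IDs exist.
    if doc is None or doc[0] != session_user:
        return 404, None
    return 200, doc[1]
```

The same comparison works as a regression test after upgrading: a request for another user's document ID must produce the same response as a request for an ID that does not exist.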
Recommendations
Update to version 6.09.01.62 or later.
Fix
IDOR
Weakness Enumeration
Related Identifiers
Affected Products
Asseco Admx