Full Report
An issue allowing unauthorized access to medical records (CVE-2025-4596) was found in Asseco AMDX software.
Analysis Summary
# Vulnerability: Unauthorized Medical Record Access in Asseco AMDX
## CVE Details
- CVE ID: CVE-2025-4596
- CVSS Score: Data not explicitly provided, assumed High due to unauthorized access to sensitive medical records.
- CWE: CWE-639 (Authorization Bypass Through User-Controlled Key)
## Affected Systems
- Products: Asseco AMDX (Hospital Information System/HIS)
- Versions: All versions before 6.09.01.62
- Configurations: Applicable to instances where patients are logged in.
## Vulnerability Description
The vulnerability is an Authorization Bypass flaw (CWE-639) in the Asseco AMDX software. A logged-in patient user can exploit it by manipulating the document ID arguments of GET requests, gaining unauthorized access to, viewing, and retrieval of medical files belonging to other patients.
## Exploitation
- Status: Not explicitly stated in the source; no information on in-the-wild exploitation or a public PoC is provided, although the flaw gives direct access to sensitive data.
- Complexity: Likely Low, as it involves manipulating GET arguments upon successful user login.
- Attack Vector: Network (Requires authenticated session initiated over the network to the application server).
## Impact
- Confidentiality: **High** (Unauthorized disclosure of sensitive medical records).
- Integrity: **Low** (Primary impact is viewing data, not modification, though secondary risks may exist).
- Availability: **Low** (No direct impact on system uptime suggested).
## Remediation
### Patches
- **Fixed Version:** Asseco AMDX version **6.09.01.62** and later.
### Workarounds
- No specific workarounds were provided in the source material. Administrators should prioritize immediate patching if sensitive patient data is handled by this software.
## Detection
- Indicators of Compromise (IOCs): Review web server and application logs for unusual patterns in GET requests to document retrieval endpoints, in particular authenticated patient sessions requesting document IDs that do not belong to the logged-in patient, or a single session requesting many distinct document IDs.
- Detection Methods and Tools: Application logs review, Web Application Firewalls (WAF) monitoring for suspicious parameter manipulation targeting document ID fields.
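One way to operationalize the log review described above, as an added example that is not part of the advisory or of the vendor's software: the script correlates document requests from authenticated patient sessions against the application's own ownership records and flags cross-patient retrievals, plus sessions requesting an unusual number of distinct IDs. The log format, endpoint path (`/documents/download`), parameter name (`documentId`) and all sample data are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed log format: "<session_id> <patient_id> GET <path>?<query>"
LOG_RE = re.compile(r"^(\S+) (\S+) GET (\S+)\?(\S*)$")
DOC_ENDPOINT = "/documents/download"   # assumed document retrieval path
DOC_PARAM = "documentId"               # assumed document ID parameter

def parse_query(query):
    """Split a query string into a dict; duplicate keys keep the last value."""
    return dict(p.split("=", 1) for p in query.split("&") if "=" in p)

def document_requests(log_lines):
    """Yield (session, patient, doc_id) for each document retrieval request."""
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        session, patient, path, query = m.groups()
        doc_id = parse_query(query).get(DOC_PARAM) if path == DOC_ENDPOINT else None
        if doc_id:
            yield session, patient, doc_id

def find_cross_patient_access(log_lines, doc_owner):
    """Return (session, patient, doc_id, owner) for every request in which the
    document's recorded owner is a different patient than the requester."""
    hits = []
    for session, patient, doc_id in document_requests(log_lines):
        owner = doc_owner.get(doc_id)
        if owner is not None and owner != patient:
            hits.append((session, patient, doc_id, owner))
    return hits

def sessions_enumerating_ids(log_lines, threshold=3):
    """Sessions requesting more than `threshold` distinct document IDs: a coarse
    signal for ID probing that works even without ownership data."""
    seen = defaultdict(set)
    for session, _, doc_id in document_requests(log_lines):
        seen[session].add(doc_id)
    return sorted(s for s, ids in seen.items() if len(ids) > threshold)

# Constructed sample data (not real log output or real patient records)
SAMPLE_LOG = [
    "s1 P100 GET /documents/download?documentId=5001",
    "s1 P100 GET /documents/download?documentId=5002",
    "s1 P100 GET /documents/download?documentId=5003",
    "s1 P100 GET /documents/download?documentId=5004",
    "s2 P200 GET /documents/download?documentId=5003",
    "s2 P200 GET /profile?tab=info",
]
SAMPLE_OWNERS = {"5001": "P100", "5002": "P200", "5003": "P200", "5004": "P300"}
```

Run against real logs, the ownership map should come from the application's database so that a hit means a document was served to a patient who does not own it, which is the condition the patch is meant to prevent.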
## References
- Vendor Advisories: Asseco (Implied via coordinated disclosure).
- Relevant links (defanged):
  - https[:]//www[.]cve[.]org/CVERecord?id=CVE-2025-4596
  - https[:]//cert[.]pl/en/cvd/