Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for InfoMedica Plus by Asseco

    CVE-2025-8307 (GCVE-0-2025-8307)

    Vulnerability from nvd – Published: 2026-01-08 13:43 – Updated: 2026-01-08 14:18
    VLAI
    Title
    Recoverable passwords in Asseco Infomedica Plus
    Summary
    Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using an algorithm embedded in the client-side part of the software.  This vulnerability has been fixed in versions 4.50.1 and 5.38.0
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-257 - Storing Passwords in a Recoverable Format
    Assigner
    References
    URL Tags
    https://cert.pl/en/posts/2026/01/CVE-2025-8306/ third-party-advisory
    Impacted products
    Vendor Product Version
    Asseco InfoMedica Plus Affected: 5.0.0 , < 5.38.0 (semver)
    Affected: 4.0.0 , < 4.50.1 (semver)
    Create a notification for this product.
    Date Public
    2026-01-08 10:11
    Credits
    Maciej Kazulak
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8307",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-08T14:18:46.776974Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-08T14:18:51.530Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "InfoMedica Plus",
              "vendor": "Asseco",
              "versions": [
                {
                  "lessThan": "5.38.0",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.50.1",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Maciej Kazulak"
            }
          ],
          "datePublic": "2026-01-08T10:11:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using an algorithm embedded in the client-side part of the software.\u0026nbsp;\u003cbr\u003eThis vulnerability has been fixed in versions\u0026nbsp;4.50.1 and 5.38.0"
                }
              ],
              "value": "Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using an algorithm embedded in the client-side part of the software.\u00a0\nThis vulnerability has been fixed in versions\u00a04.50.1 and 5.38.0"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-257",
                  "description": "CWE-257 Storing Passwords in a Recoverable Format",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-08T13:43:37.330Z",
            "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
            "shortName": "CERT-PL"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/en/posts/2026/01/CVE-2025-8306/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Recoverable passwords in Asseco Infomedica Plus",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "assignerShortName": "CERT-PL",
        "cveId": "CVE-2025-8307",
        "datePublished": "2026-01-08T13:43:37.330Z",
        "dateReserved": "2025-07-29T13:00:37.007Z",
        "dateUpdated": "2026-01-08T14:18:51.530Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8306 (GCVE-0-2025-8306)

    Vulnerability from nvd – Published: 2026-01-08 13:43 – Updated: 2026-01-08 14:23
    VLAI
    Title
    Improper Access Control in Asseco Infomedica Plus
    Summary
    Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. A low privileged user is able to obtain encoded passwords of all other accounts (including main administrator) due to lack of granularity in access control.  Chained exploitation of this vulnerability and CVE-2025-8307 allows an attacker to escalate privileges. This vulnerability has been fixed in versions 4.50.1 and 5.38.0
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1220 - Insufficient Granularity of Access Control
    Assigner
    References
    URL Tags
    https://cert.pl/en/posts/2026/01/CVE-2025-8306/ third-party-advisory
    Impacted products
    Vendor Product Version
    Asseco InfoMedica Plus Affected: 5.0.0 , < 5.38.0 (semver)
    Affected: 4.0.0 , < 4.50.1 (semver)
    Create a notification for this product.
    Date Public
    2026-01-08 10:11
    Credits
    Maciej Kazulak
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8306",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-08T14:23:15.489004Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-08T14:23:20.313Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "InfoMedica Plus",
              "vendor": "Asseco",
              "versions": [
                {
                  "lessThan": "5.38.0",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.50.1",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Maciej Kazulak"
            }
          ],
          "datePublic": "2026-01-08T10:11:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. A low privileged user is able to obtain encoded passwords of all other accounts (including main administrator) due to lack of granularity in access control.\u0026nbsp;\u003cbr\u003eChained exploitation of this vulnerability and\u0026nbsp;CVE-2025-8307 allows an attacker to escalate privileges.\u0026nbsp;This vulnerability has been fixed in versions 4.50.1 and 5.38.0"
                }
              ],
              "value": "Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. A low privileged user is able to obtain encoded passwords of all other accounts (including main administrator) due to lack of granularity in access control.\u00a0\nChained exploitation of this vulnerability and\u00a0CVE-2025-8307 allows an attacker to escalate privileges.\u00a0This vulnerability has been fixed in versions 4.50.1 and 5.38.0"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1220",
                  "description": "CWE-1220 Insufficient Granularity of Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-08T13:43:33.570Z",
            "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
            "shortName": "CERT-PL"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/en/posts/2026/01/CVE-2025-8306/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in Asseco Infomedica Plus",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "assignerShortName": "CERT-PL",
        "cveId": "CVE-2025-8306",
        "datePublished": "2026-01-08T13:43:33.570Z",
        "dateReserved": "2025-07-29T12:07:30.706Z",
        "dateUpdated": "2026-01-08T14:23:20.313Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8307 (GCVE-0-2025-8307)

    Vulnerability from cvelistv5 – Published: 2026-01-08 13:43 – Updated: 2026-01-08 14:18
    VLAI
    Title
    Recoverable passwords in Asseco Infomedica Plus
    Summary
    Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using an algorithm embedded in the client-side part of the software.  This vulnerability has been fixed in versions 4.50.1 and 5.38.0
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-257 - Storing Passwords in a Recoverable Format
    Assigner
    References
    URL Tags
    https://cert.pl/en/posts/2026/01/CVE-2025-8306/ third-party-advisory
    Impacted products
    Vendor Product Version
    Asseco InfoMedica Plus Affected: 5.0.0 , < 5.38.0 (semver)
    Affected: 4.0.0 , < 4.50.1 (semver)
    Create a notification for this product.
    Date Public
    2026-01-08 10:11
    Credits
    Maciej Kazulak
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8307",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-08T14:18:46.776974Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-08T14:18:51.530Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "InfoMedica Plus",
              "vendor": "Asseco",
              "versions": [
                {
                  "lessThan": "5.38.0",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.50.1",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Maciej Kazulak"
            }
          ],
          "datePublic": "2026-01-08T10:11:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using an algorithm embedded in the client-side part of the software.\u0026nbsp;\u003cbr\u003eThis vulnerability has been fixed in versions\u0026nbsp;4.50.1 and 5.38.0"
                }
              ],
              "value": "Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using an algorithm embedded in the client-side part of the software.\u00a0\nThis vulnerability has been fixed in versions\u00a04.50.1 and 5.38.0"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-257",
                  "description": "CWE-257 Storing Passwords in a Recoverable Format",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-08T13:43:37.330Z",
            "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
            "shortName": "CERT-PL"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/en/posts/2026/01/CVE-2025-8306/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Recoverable passwords in Asseco Infomedica Plus",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "assignerShortName": "CERT-PL",
        "cveId": "CVE-2025-8307",
        "datePublished": "2026-01-08T13:43:37.330Z",
        "dateReserved": "2025-07-29T13:00:37.007Z",
        "dateUpdated": "2026-01-08T14:18:51.530Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8306 (GCVE-0-2025-8306)

    Vulnerability from cvelistv5 – Published: 2026-01-08 13:43 – Updated: 2026-01-08 14:23
    VLAI
    Title
    Improper Access Control in Asseco Infomedica Plus
    Summary
    Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. A low privileged user is able to obtain encoded passwords of all other accounts (including main administrator) due to lack of granularity in access control.  Chained exploitation of this vulnerability and CVE-2025-8307 allows an attacker to escalate privileges. This vulnerability has been fixed in versions 4.50.1 and 5.38.0
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1220 - Insufficient Granularity of Access Control
    Assigner
    References
    URL Tags
    https://cert.pl/en/posts/2026/01/CVE-2025-8306/ third-party-advisory
    Impacted products
    Vendor Product Version
    Asseco InfoMedica Plus Affected: 5.0.0 , < 5.38.0 (semver)
    Affected: 4.0.0 , < 4.50.1 (semver)
    Create a notification for this product.
    Date Public
    2026-01-08 10:11
    Credits
    Maciej Kazulak
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8306",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-08T14:23:15.489004Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-08T14:23:20.313Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "InfoMedica Plus",
              "vendor": "Asseco",
              "versions": [
                {
                  "lessThan": "5.38.0",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.50.1",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Maciej Kazulak"
            }
          ],
          "datePublic": "2026-01-08T10:11:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. A low privileged user is able to obtain encoded passwords of all other accounts (including main administrator) due to lack of granularity in access control.\u0026nbsp;\u003cbr\u003eChained exploitation of this vulnerability and\u0026nbsp;CVE-2025-8307 allows an attacker to escalate privileges.\u0026nbsp;This vulnerability has been fixed in versions 4.50.1 and 5.38.0"
                }
              ],
              "value": "Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. A low privileged user is able to obtain encoded passwords of all other accounts (including main administrator) due to lack of granularity in access control.\u00a0\nChained exploitation of this vulnerability and\u00a0CVE-2025-8307 allows an attacker to escalate privileges.\u00a0This vulnerability has been fixed in versions 4.50.1 and 5.38.0"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1220",
                  "description": "CWE-1220 Insufficient Granularity of Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-08T13:43:33.570Z",
            "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
            "shortName": "CERT-PL"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/en/posts/2026/01/CVE-2025-8306/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in Asseco Infomedica Plus",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "assignerShortName": "CERT-PL",
        "cveId": "CVE-2025-8306",
        "datePublished": "2026-01-08T13:43:33.570Z",
        "dateReserved": "2025-07-29T12:07:30.706Z",
        "dateUpdated": "2026-01-08T14:23:20.313Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }