CVE-2025-11609
low-risk
Published 2025-10-11
A flaw has been found in code-projects Hospital Management System 1.0. Affected is the function session of the component express-session. This manipulation of the argument secret with the input secret causes use of hard-coded cryptographic key . The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is told to be difficult. The exploit has been published and may be used.
Do I need to act?
-
0.19% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.7/10
Low
NETWORK
/ HIGH complexity
Affected Products (1)
Hospital Management System
Affected Vendors
References (6)
Product
https://code-projects.org/
Permissions Required
https://vuldb.com/?ctiid.327932
Third Party Advisory
https://vuldb.com/?id.327932
Third Party Advisory
https://vuldb.com/?submit.672589
19
/ 100
low-risk
Severity
13/34 · Low
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal