1. EXECUTIVE SUMMARY
- CVSS v4 5.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: FUJIFILM Healthcare Americas Corporation
- Equipment: Synapse Mobility
- Vulnerability: External Control of Assumed-Immutable Web Parameter
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to access information beyond their assigned roles.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of FUJIFILM Healthcare Americas Synapse Mobility are affected:
- Synapse Mobility: Versions prior to 8.2
3.2 VULNERABILITY OVERVIEW
3.2.1 EXTERNAL CONTROL OF ASSUMED-IMMUTABLE WEB PARAMETER CWE-472
FUJIFILM Healthcare Americas Synapse Mobility versions prior to 8.2 contains a privilege escalation vulnerability through external control of Web parameter. Exploitation of this vulnerability could allow an attacker to bypass authentication and access information beyond role-based access controls.
CVE-2025-54551 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
A CVSS v4 score has also been calculated for CVE-2025-54551. A base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Healthcare and Public Health
- <
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from All CISA AdvisoriesRead the original article: