Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2025-27955

Improper Restriction of Security Token Assignment

Published: Jun 02, 2025 | Modified: Jun 13, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2025-27955
CWEhttps://cwe.mitre.org/data/definitions/1259.html

Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code.

Weakness

The System-On-A-Chip (SoC) implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens are improperly protected.

Affected Software

Name Vendor Start Version End Version
Clinical_collaboration_platform Philips 12.2.1.5 (including) 12.2.1.5 (including)

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use