关键信息 CVE ID: CVE-2025-35032 发布日期: 2025-09-29 更新日期: 2025-09-29 漏洞标题: Medical Informatics Engineering Enterprise Health Arbitrary File Upload 描述: Medical Informatics Engineering Enterprise Health 允许经过身份验证的用户上传任意文件。这种行为的影响取决于文件如何被访问。此问题已在 2025-04-08 修复。 CWE: CWE-434: Unrestricted Upload of File with Dangerous Type CVSS 评分: - CVSS v3.1: 3.4 (低) - CVSS v4.0: 6.2 (中等) 产品状态: - 供应商: Medical Informatics Engineering - 产品: Enterprise Health - 受影响版本: 默认状态未知,受影响版本从 n 到 2025-04-08 之前 贡献者: - George Thompson, Sandia National Laboratories - Trevor LaPay, Sandia National Laboratories - Fernando Martinez, Sandia National Laboratories - Gary Huang, Sandia National Laboratories 参考链接: - raw.githubusercontent.com: url - cve.org: url