← Back to CVEs
CVE-2025-11609
LOW3.7
Description
A flaw has been found in code-projects Hospital Management System 1.0. Affected is the function session of the component express-session. This manipulation of the argument secret with the input secret causes use of hard-coded cryptographic key . The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is told to be difficult. The exploit has been published and may be used.
CVE Details
CVSS v3.1 Score3.7
SeverityLOW
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
Published10/11/2025
Last Modified4/29/2026
Sourcenvd
Honeypot Sightings0
Affected Products
fabian:hospital_management_system
Weaknesses (CWE)
CWE-320CWE-321
References
https://code-projects.org/(cna@vuldb.com)
https://github.com/lakshayyverma/CVE-Discovery/blob/main/Hospital%20Management%20System.md(cna@vuldb.com)
https://vuldb.com/?ctiid.327932(cna@vuldb.com)
https://vuldb.com/?id.327932(cna@vuldb.com)
https://vuldb.com/?submit.672589(cna@vuldb.com)
https://github.com/lakshayyverma/CVE-Discovery/blob/main/Hospital%20Management%20System.md(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.