{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3981", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-04-26T07:52:54.551Z", "datePublished": "2025-04-27T18:31:03.796Z", "dateUpdated": "2025-04-28T13:44:41.175Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-04-27T18:31:03.796Z"}, "title": "wowjoy \u6d59\u6c5f\u6e56\u5dde\u534e\u5353\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Internet Doctor Workstation System details improper authorization", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-285", "lang": "en", "description": "Improper Authorization"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-266", "lang": "en", "description": "Incorrect Privilege Assignment"}]}], "affected": [{"vendor": "wowjoy \u6d59\u6c5f\u6e56\u5dde\u534e\u5353\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8", "product": "Internet Doctor Workstation System", "versions": [{"version": "1.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in wowjoy \u6d59\u6c5f\u6e56\u5dde\u534e\u5353\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Internet Doctor Workstation System 1.0. This issue affects some unknown processing of the file /v1/prescription/details/. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Eine Schwachstelle wurde in wowjoy \u6d59\u6c5f\u6e56\u5dde\u534e\u5353\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Internet Doctor Workstation System 1.0 entdeckt. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /v1/prescription/details/. Dank der Manipulation mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "timeline": [{"time": "2025-04-26T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-04-26T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-04-26T09:58:02.000Z", "lang": "en", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.306317", "name": "VDB-306317 | wowjoy \u6d59\u6c5f\u6e56\u5dde\u534e\u5353\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Internet Doctor Workstation System details improper authorization", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.306317", "name": "VDB-306317 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/38279/3/issues/1", "tags": ["exploit", "issue-tracking"]}]}, "adp": [{"references": [{"url": "https://github.com/38279/3/issues/1", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-28T13:44:21.109948Z", "id": "CVE-2025-3981", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-28T13:44:41.175Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3981", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-28T13:44:21.109948Z"}}}], "references": [{"url": "https://github.com/38279/3/issues/1", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-28T13:44:28.976Z"}}], "cna": {"title": "wowjoy \u6d59\u6c5f\u6e56\u5dde\u534e\u5353\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Internet Doctor Workstation System details improper authorization", "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "affected": [{"vendor": "wowjoy \u6d59\u6c5f\u6e56\u5dde\u534e\u5353\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8", "product": "Internet Doctor Workstation System", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2025-04-26T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-04-26T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-04-26T09:58:02.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.306317", "name": "VDB-306317 | wowjoy \u6d59\u6c5f\u6e56\u5dde\u534e\u5353\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Internet Doctor Workstation System details improper authorization", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.306317", "name": "VDB-306317 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/38279/3/issues/1", "tags": ["exploit", "issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in wowjoy \u6d59\u6c5f\u6e56\u5dde\u534e\u5353\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Internet Doctor Workstation System 1.0. This issue affects some unknown processing of the file /v1/prescription/details/. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Eine Schwachstelle wurde in wowjoy \u6d59\u6c5f\u6e56\u5dde\u534e\u5353\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Internet Doctor Workstation System 1.0 entdeckt. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /v1/prescription/details/. Dank der Manipulation mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-285", "description": "Improper Authorization"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-04-27T18:31:03.796Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3981", "state": "PUBLISHED", "dateUpdated": "2025-04-28T13:44:41.175Z", "dateReserved": "2025-04-26T07:52:54.551Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-04-27T18:31:03.796Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wowjoy:internet_doctor_workstation_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4F1F0ABC-8E7B-480A-9C6E-2D97864130E0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in wowjoy \u6d59\u6c5f\u6e56\u5dde\u534e\u5353\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Internet Doctor Workstation System 1.0. This issue affects some unknown processing of the file /v1/prescription/details/. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad clasificada como problem\u00e1tica en wowjoy ?????????????? Internet Doctor Workstation System 1.0. Este problema afecta a un procesamiento desconocido del archivo /v1/prescription/details/. La manipulaci\u00f3n da lugar a una autorizaci\u00f3n indebida. El ataque podr\u00eda iniciarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."}], "id": "CVE-2025-3981", "lastModified": "2025-05-12T19:05:34.677", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-04-27T19:15:15.750", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/38279/3/issues/1"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.306317"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.306317"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/38279/3/issues/1"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}, {"lang": "en", "value": "CWE-285"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}