Medium severity6.5NVD Advisory· Published Jun 2, 2025· Updated Jun 17, 2026
CVE-2025-27954
CVE-2025-27954
Description
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Clinical Collaboration Platform/Clinical Collaboration Platformdescription
- Range: =12.2.1.5
Patches
Vulnerability mechanics
References
2- github.com/intruderlabs/cvex/tree/main/Carestream/session-token-in-urlnvdThird Party Advisory
- portswigger.net/kb/issues/00500700_session-token-in-urlnvdIssue Tracking
News mentions
0No linked articles in our index yet.