CVE-2025-27955 — MEDIUM (6.5)

Vulnerability Description

Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Philips	Clinical Collaboration Platform	12.2.1.5

Related Weaknesses (CWE)

CWE-1259

References

https://github.com/intruderlabs/cvex/tree/main/Carestream/session-token-in-urlThird Party Advisory

FAQ

What is CVE-2025-27955?

CVE-2025-27955 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary ...

How severe is CVE-2025-27955?

CVE-2025-27955 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-27955?

Check the references section above for vendor advisories and patch information. Affected products include: Philips Clinical Collaboration Platform.