Improper Authorization in Internet Doctor Workstation System by 浙江湖州华卓信息科技有限公司
CVE-2025-3981

5.3MEDIUM

Key Information:

Vendor: Wowjoy 浙江湖州华卓信息科技有限公司
Status: Internet Doctor Workstation System
Vendor: CVE Published:; 27 April 2025

Badges

👾 Exploit Exists

What is CVE-2025-3981?

A vulnerability has been discovered in the Internet Doctor Workstation System 1.0 offered by 浙江湖州华卓信息科技有限公司. This issue stems from an improper authorization process in the handling of requests to the /v1/prescription/details/ endpoint. The weakness can be exploited remotely, requiring an attacker to manipulate requests to gain unauthorized access, posing significant security risks. Although the vendor was notified of this security flaw, they have not responded. Users are advised to review their configurations and implement security measures to mitigate potential exploits.

Affected Version(s)

Internet Doctor Workstation System 1.0

References

https://vuldb.com/?id.306317

vdb-entry

https://vuldb.com/?ctiid.306317

signaturepermissions-required

https://github.com/38279/3/issues/1

exploitissue-tracking

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

🟡
Public PoC available
Apr 27, 2025
👾
Exploit known to exist
Apr 27, 2025
Vulnerability published
Apr 27, 2025
Vulnerability Reserved
Apr 26, 2025

Wowjoy 浙江湖州华卓信息科技有限公司

Badges

What is CVE-2025-3981?

Affected Version(s)

References

CVSS V4

Timeline