Improper Authorization in Internet Doctor Workstation System by 浙江湖州华卓信息科技有限公司
CVE-2025-3981

5.3MEDIUM

Key Information:

Vendor

Wowjoy 浙江湖州华卓信息科技有限公司

Status
Internet Doctor Workstation System
Vendor
CVE Published:
27 April 2025

Badges

👾 Exploit Exists

What is CVE-2025-3981?

A vulnerability has been discovered in the Internet Doctor Workstation System 1.0 offered by 浙江湖州华卓信息科技有限公司. This issue stems from an improper authorization process in the handling of requests to the /v1/prescription/details/ endpoint. The weakness can be exploited remotely, requiring an attacker to manipulate requests to gain unauthorized access, posing significant security risks. Although the vendor was notified of this security flaw, they have not responded. Users are advised to review their configurations and implement security measures to mitigate potential exploits.

Affected Version(s)

Internet Doctor Workstation System 1.0

References

https://vuldb.com/?id.306317
vdb-entry
https://vuldb.com/?ctiid.306317
signaturepermissions-required
https://github.com/38279/3/issues/1
exploitissue-tracking

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.