Hard-Coded Credentials Issue in Clinic Image System by Changing
CVE-2025-8857

9.3CRITICAL

Key Information:

Vendor

Changing

Status
Clinic Image System
Vendor
CVE Published:
29 August 2025

What is CVE-2025-8857?

The Clinic Image System developed by Changing contains hard-coded credentials, which allows unauthorized remote attackers to gain access to the system. This vulnerability exposes sensitive information and potentially allows malicious actors to manipulate the system, undermining its security posture. The presence of admin credentials within the source code makes it easier for attackers to exploit this flaw, thereby posing significant risks to data integrity and confidentiality.

Affected Version(s)

Clinic Image System 0 <= 2.4.23.2131

Clinic Image System 1.5.*

Clinic Image System 2.0.*

References

https://www.twcert.org.tw/tw/cp-132-10362-c6021-1.html
third-party-advisory
https://www.twcert.org.tw/en/cp-139-10363-601c9-2.html
third-party-advisory
https://www.chtsecurity.com/news/276d7867-dfb1-4a91-bc34-...
third-party-advisory

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-8857 : Hard-Coded Credentials Issue in Clinic Image System by Changing