CVE-2025-11609 · HIGH 8.1 · EPSS p36.9%


Description

A flaw has been found in code-projects Hospital Management System 1.0. Affected is the function session of the component express-session. Manipulating the argument secret with the input secret leads to use of a hard-coded cryptographic key. The attack can be initiated remotely. The attack is considered to have high complexity, and exploitability is reported to be difficult. The exploit has been published and may be used.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.47% probability of exploitation · percentile 36.9% · 2026-06-18T12:00:27Z
Published: 2025-10-11
Last modified: 2026-04-29

Underlying weaknesses · 2

CWE-320, CWE-321

References

  1. https://code-projects.org/
  2. https://github.com/lakshayyverma/CVE-Discovery/blob/main/Hospital%20Management%20System.md
  3. https://vuldb.com/?ctiid.327932
  4. https://vuldb.com/?id.327932
  5. https://vuldb.com/?submit.672589


Type · Target · Confidence · Tier
cwe-320 · 0% · live
Weakness · Use of Hard-coded Cryptographic Key (cwe-321) · 0% · live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-9770
CVE-2026-10208
CVE-2025-3685
CVE-2026-10209
CVE-2026-10299
CVE-2025-11290

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.