How severe is CVE-2025-24363?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.2 out of 10.

What type of vulnerability is CVE-2025-24363?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2025-24363

MEDIUM Year: 2025

CVSS v3 Score

4.2

Medium

Weakness Type

CWE-200

View all →

Vulnerability Description

The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and credential based URL, the entire URL will be included in the built Implementation Guide, exposing username and credential. This does not impact users that clone public repos without credentials, such as those using the auto-ig-build continuous integration infrastructure. This problem has been patched in release 1.8.9. Some workarounds are available. Users should ensure the IG repo they are publishing does not have username or credentials included in the `origin` URL. Running the command `git remote origin url` should return a URL that contains no username, password, or token; or users should run the IG Publisher CLI with the `-repo` parameter and specify a URL that contains no username, password, or token.

CVE-2009-0783

MEDIUM

CVSS:4.2(Medium)

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read o...

CWE-2002009

CVE-2014-3591

MEDIUM

CVSS:4.2(Medium)

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determin...

CWE-2002014

CVE-2017-13238

MEDIUM

CVSS:4.2(Medium)

In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additio...

CWE-2002017

CVE-2018-12076

MEDIUM

CVSS:4.2(Medium)

A vulnerability in the UPC bar code of the Avanti Markets MarketCard could allow an unauthenticated, local attacker to access funds within the customer's MarketCard balance, and also could lead to Cus...

CWE-2002018

CVE-2018-3986

MEDIUM

CVSS:4.2(Medium)

An exploitable information disclosure vulnerability exists in the "Secret Chats" functionality of the Telegram Android messaging application version 4.9.0. The "Secret Chats" functionality allows a us...

CWE-2002018

CVE-2018-3987

MEDIUM

CVSS:4.2(Medium)

An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces ...

CWE-2002018

CVE-2025-24363

Vulnerability Description

Related Vulnerabilities

CVE-2009-0783

CVE-2014-3591

CVE-2017-13238

CVE-2018-12076

CVE-2018-3986

CVE-2018-3987