CHT Security Red Team Discovered a Vulnerability in a Well-Known Clinic Image System (Hardcoded Credentials)

Summary 

CHT Security discovered that a well-known domestic medical Clinic Image System did not securely store the login account and password for its backend management system, resulting in a Hardcoded Credentials (CWE-798) vulnerability.

Impact 

CVE-2025-XXXX: Unauthorized attackers can log directly into the backend management system using the login account and password that are hard-coded in the code. The backend management system includes important settings, such as modifying server environment variables, so this seriously threatens system security.

Version

Version = v2.4.17.6280

Credits

Sam Huang (CHT Security)