CVE-2025-15235

6.5 MEDIUM

📋 TL;DR

This vulnerability in QOCA aim AI Medical Cloud Platform allows authenticated attackers to modify network packet parameters, enabling unauthorized access to other users' files. It affects healthcare organizations using Quanta Computer's cloud platform. The issue stems from missing authorization checks in specific system functions.

💻 Affected Systems

Products:
  • QOCA aim AI Medical Cloud Platform
Versions: Specific versions not disclosed in references
Operating Systems: Cloud platform - OS independent
Default Config Vulnerable: ⚠️ Yes
Notes: Affects cloud deployments of the medical platform. Requires authenticated access to exploit.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access sensitive medical records, patient data, and confidential healthcare information, leading to privacy violations, regulatory penalties, and potential medical identity theft.

🟠 Likely Case

Authenticated users could access files belonging to other users within the same organization, potentially exposing sensitive but non-critical operational documents.

🟢 If Mitigated

With proper network segmentation and access controls, impact would be limited to specific user directories rather than system-wide access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access and knowledge of specific packet parameters to modify.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in references

Vendor Advisory: https://www.twcert.org.tw/en/cp-139-10616-cd942-2.html

Restart Required: Yes

Instructions:

1. Contact Quanta Computer for patch details
2. Apply the vendor-provided security update
3. Restart affected services
4. Verify that authorization controls are functioning

🔧 Temporary Workarounds

Network Access Restriction
Scope: all
Restrict access to the platform to trusted IP ranges only

Enhanced Authentication
Scope: all
Implement multi-factor authentication for all user accounts

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the platform from other systems
  • Enable detailed audit logging for all file access attempts and regularly review logs

🔍 How to Verify

Check if Vulnerable:

Check if your organization uses QOCA aim AI Medical Cloud Platform and review access logs for unauthorized file access patterns

Check Version:

Contact Quanta Computer support for version verification

Verify Fix Applied:

Test authorization controls by attempting to access other users' files with authenticated test accounts

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized file access attempts
  • User accessing files outside their normal scope
  • Multiple failed authorization checks

Network Indicators:

  • Unusual packet modifications to platform endpoints
  • Suspicious parameter manipulation in requests

SIEM Query:

source="qoca_platform" AND ((event_type="file_access" AND user_id!=file_owner) OR (auth_failure AND resource_type="file"))
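As an added example (not part of the advisory or of the vendor's tooling), the same detection logic as the SIEM query above, run offline over constructed log records in Python. The field names (source, event_type, user_id, file_owner, auth_failure, resource_type) are assumed to match the query's and are not a documented QOCA log schema.

```python
from collections import Counter

# Constructed sample events, not real platform logs. Field names follow the
# SIEM query above; they are an assumption, not a documented QOCA schema.
def ev(user, owner, auth_failure=False, source="qoca_platform"):
    return {"source": source, "event_type": "file_access", "user_id": user,
            "file_owner": owner, "auth_failure": auth_failure, "resource_type": "file"}

EVENTS = [
    ev("u1", "u1"),                      # owner reads own file: benign
    ev("u2", "u1"),                      # cross-owner read that succeeded: the CVE pattern
    ev("u2", "u3"),
    ev("u4", "u5", auth_failure=True),   # rejected attempts: the check worked here
    ev("u4", "u6", auth_failure=True),
    ev("u4", "u7", auth_failure=True),
    ev("u2", "u1", source="other_app"),  # wrong source: ignored by the query
]

def matches_query(ev):
    """Equivalent of the SIEM query: platform events that are either a file
    access by someone other than the owner, or an authorization failure on a
    file resource."""
    if ev.get("source") != "qoca_platform":
        return False
    cross_owner = (ev.get("event_type") == "file_access"
                   and ev.get("user_id") != ev.get("file_owner"))
    file_auth_fail = bool(ev.get("auth_failure")) and ev.get("resource_type") == "file"
    return cross_owner or file_auth_fail

def successful_cross_owner_reads(events):
    """Cross-owner accesses that were NOT rejected. For a missing authorization
    check these are the hits that matter: the access succeeds, so there is no
    auth_failure event to alert on."""
    return [(e["user_id"], e["file_owner"]) for e in events
            if matches_query(e) and not e.get("auth_failure")
            and e["user_id"] != e["file_owner"]]

def repeated_auth_failures(events, threshold=3):
    """Users with at least `threshold` authorization failures on files, which
    can indicate a user probing file identifiers or request parameters."""
    counts = Counter(e["user_id"] for e in events
                     if matches_query(e) and e.get("auth_failure")
                     and e.get("resource_type") == "file")
    return {u: n for u, n in counts.items() if n >= threshold}
```

Review the successful cross-owner reads first; they are the ones an alert on failures alone would miss.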
