CVE-2025-15236

4.3 MEDIUM

📋 TL;DR

QOCA aim AI Medical Cloud Platform has an absolute path traversal vulnerability that allows authenticated remote attackers to read folder names under specified paths. This affects healthcare organizations using Quanta Computer's medical cloud platform. Attackers must have valid credentials to exploit this vulnerability.

💻 Affected Systems

Products:
  • QOCA aim AI Medical Cloud Platform
Versions: Specific versions not disclosed in available references
Operating Systems: Unknown - Cloud platform likely runs on various OS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the platform's path handling mechanism. Requires authenticated access to exploit.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could map the entire directory structure, identify sensitive medical data locations, and potentially combine with other vulnerabilities for data exfiltration.

🟠 Likely Case

Unauthorized directory enumeration leading to information disclosure about system structure and potentially sensitive folder names.

🟢 If Mitigated

Limited information disclosure about folder structure without access to actual file contents.

🌐 Internet-Facing: MEDIUM - Requires authentication but exposes directory structure information to authenticated attackers.
🏢 Internal Only: MEDIUM - Internal authenticated users could abuse this to map system directories.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but path traversal techniques are well-documented and easy to implement.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in available references

Vendor Advisory: https://www.twcert.org.tw/en/cp-139-10616-cd942-2.html

Restart Required: Yes

Instructions:

1. Contact Quanta Computer for patch details.
2. Apply the security update provided by the vendor.
3. Restart the QOCA aim platform services.
4. Verify the fix prevents path traversal attempts.

🔧 Temporary Workarounds

Input Validation Enhancement

all

Implement strict input validation to reject path traversal sequences in user inputs

Configuration dependent - implement in application code

Access Control Restriction

all

Restrict authenticated users' access to only necessary directories using principle of least privilege

Platform-specific access control configuration
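The two workarounds above (reject traversal sequences, confine each user to an allowed directory tree) can be combined into a single check on the server side. The following is an added illustration, not Quanta's code; the function and directory names are assumed for the example. It rejects absolute paths (the class of flaw named in the TL;DR), rejects `..` components in both POSIX and Windows spelling, and then confirms the resolved target is still inside the allowed base, which also catches symlinks that point outside it.

```python
import os
import tempfile
from pathlib import Path, PurePosixPath, PureWindowsPath
from typing import List


def safe_list_dir(base_dir: str, requested: str) -> List[str]:
    """Return folder names under `requested`, only if it stays inside base_dir.

    Raises ValueError for any path the client must not be allowed to choose.
    """
    base = Path(base_dir).resolve()
    posix_view = PurePosixPath(requested)
    win_view = PureWindowsPath(requested)

    # Absolute path traversal: the client must never pick the listing root.
    if posix_view.is_absolute() or win_view.is_absolute():
        raise ValueError("absolute paths are not allowed: %r" % requested)

    # Relative traversal: reject '..' in either separator style.
    if ".." in posix_view.parts or ".." in win_view.parts:
        raise ValueError("traversal sequence rejected: %r" % requested)

    # resolve() follows symlinks, so a link inside base that points outside
    # ends up outside here and is rejected by the containment check.
    target = (base / posix_view).resolve()
    if target != base and base not in target.parents:
        raise ValueError("resolved path escapes base directory: %r" % requested)

    if not target.is_dir():
        raise FileNotFoundError(str(target))
    return sorted(p.name for p in target.iterdir() if p.is_dir())


def build_demo_tree() -> str:
    """Construct a small sample tree (demo data only) and return its root."""
    root = tempfile.mkdtemp(prefix="pathcheck_demo_")
    for sub in ("patients/2024", "patients/2025", "exports"):
        os.makedirs(os.path.join(root, sub))
    Path(root, "patients", "readme.txt").write_text("not a folder")
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    print(safe_list_dir(demo_root, "patients"))   # ['2024', '2025']
    for bad in ("/etc", "C:/Windows", "../", "patients/../../"):
        try:
            safe_list_dir(demo_root, bad)
        except ValueError as exc:
            print("rejected:", exc)
```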

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block path traversal patterns
  • Monitor authentication logs for suspicious directory enumeration attempts

🔍 How to Verify

Check if Vulnerable:

Test authenticated API endpoints with path traversal payloads like '../../etc/passwd' or similar directory traversal sequences

Check Version:

Check platform version through admin interface or contact Quanta Computer support

Verify Fix Applied:

Attempt the same path traversal attacks after patching - they should be blocked or return error responses

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed attempts to access directories with traversal sequences
  • Unusual pattern of directory enumeration requests from authenticated users

Network Indicators:

  • HTTP requests containing '../' sequences in URL parameters
  • Patterns of directory probing from single authenticated sessions

SIEM Query:

source="web_logs" AND (url="*../*" OR param="*../*") AND response_code=200
