You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cwe-472
About this tag
CWE-472 refers to an external control of an assumed-immutable web parameter, a vulnerability where a web application fails to properly validate or protect parameters that should be fixed or read-only. On WindowsForum.com, this tag is discussed in the context of CVE-2025-54551, a privilege-escalation flaw in FUJIFILM Synapse Mobility, a web-based medical imaging viewer. The vulnerability allows remote attackers to bypass role-based access controls by manipulating web parameters, potentially exposing protected DICOM imaging data. The advisory from CISA recommends upgrading to version 8.2 or later and applying mitigations. This tag covers security issues involving parameter tampering in web applications, particularly in healthcare and enterprise environments.
FUJIFILM Healthcare Americas’ Synapse Mobility contains a web-parameter privilege-escalation flaw—tracked as CVE-2025-54551—that can be exploited remotely to bypass role-based access controls and expose protected imaging data, and CISA’s emergency medical advisory urges immediate upgrades to...