You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
external web parameter control
About this tag
The tag external web parameter control covers vulnerabilities where an attacker can modify a web parameter that the application assumes is immutable. Content tagged here discusses CVE-2025-54551 in FUJIFILM Synapse Mobility, a medical imaging viewer. This flaw allows remote privilege escalation by controlling a web parameter, bypassing role-based access controls and exposing protected DICOM data. The advisory from CISA maps this to CWE-472 and recommends upgrading to version 8.2 or later with mitigations. The tag focuses on security issues in web applications where external parameter manipulation leads to unauthorized access or privilege escalation.
FUJIFILM Healthcare Americas’ Synapse Mobility contains a web-parameter privilege-escalation flaw—tracked as CVE-2025-54551—that can be exploited remotely to bypass role-based access controls and expose protected imaging data, and CISA’s emergency medical advisory urges immediate upgrades to...