Asseco InfoMedica Plus Hit by Two Flaws

Poland’s national cybersecurity team, CERT Polska, has disclosed two newly identified vulnerabilities affecting the Asseco InfoMedica Plus software. The issues, tracked as CVE-2025-8306 and CVE-2025-8307, emerged following an external report that prompted further analysis by the agency.

Both vulnerabilities could pose a risk to users of the healthcare-focused application, though details surrounding their technical implications remain limited in the public notice. CERT Polska has yet to release specific mitigation steps or identify affected versions, but organizations using the software should monitor updates closely.

The Asseco InfoMedica Plus platform supports digital operations in the health sector, making security concerns particularly urgent. Entities relying on the software are urged to assess their risk posture and plan for immediate patches or workaround strategies when available.

CERT Polska’s official advisory offers further context on the discovered flaws and will provide updates as more information becomes available.

https://cert.pl/en/posts/2026/01/CVE-2025-8306/