CVE-2025-24363
CVSS 3.1 Score 4.2 of 10 (medium)
Details
Summary
CVE-2025-24363 affects the HL7 FHIR IG Publisher, a tool used to create FHIR Implementation Guides. In certain circumstances, prior to version 1.8.9, the IG Publisher CLI would include the URL of the originating Git repository in the built Implementation Guide, potentially exposing username and credential information. The vulnerability only impacts users who publish Implementation Guides from Git repositories whose URLs embed a username and credentials. The issue is resolved in release 1.8.9. Users can mitigate the risk either by ensuring their Git repository URLs do not contain sensitive information or by specifying a URL with no sensitive information when using the IG Publisher CLI.
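An added example, not part of the advisory or of the IG Publisher code base: a Python check for the first mitigation that strips userinfo from a Git remote URL and scans a built guide's output directory for URLs that still carry it. The file suffixes, directory layout and sample URL are assumptions constructed for illustration.

```python
import re
from pathlib import Path
from urllib.parse import urlsplit, urlunsplit

# scheme://userinfo@host...  The userinfo part may not contain "/", so an
# "@" that appears later in a path or query does not trigger a match.
CRED_URL = re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s/@\"'<>]+@[^\s\"'<>]+", re.I)

def strip_userinfo(url):
    """Return (clean_url, had_userinfo) for a URL-style Git remote.

    Any userinfo is treated as sensitive, including a bare username.
    SCP-style remotes (git@host:path) have no URL userinfo and pass through.
    """
    parts = urlsplit(url)
    if "@" not in parts.netloc:
        return url, False
    host = parts.netloc.rpartition("@")[2]  # keep host[:port] exactly as written
    clean = urlunsplit((parts.scheme, host, parts.path, parts.query, parts.fragment))
    return clean, True

def find_credential_urls(output_dir, suffixes=(".html", ".json", ".xml", ".txt")):
    """Scan built output for URLs with embedded userinfo.

    Returns (relative_path, url_without_userinfo) pairs so the report
    itself never repeats the secret. The suffix list is an assumption.
    """
    findings = []
    for path in sorted(Path(output_dir).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in suffixes:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for match in CRED_URL.finditer(text):
            clean, _ = strip_userinfo(match.group(0))
            findings.append((str(path.relative_to(output_dir)), clean))
    return findings

if __name__ == "__main__":
    # Constructed sample remote; not taken from any real repository.
    remote = "https://alice:tok123@git.example.org/ig/repo.git"
    print(strip_userinfo(remote))
    for rel_path, url in find_credential_urls("output"):
        print(f"userinfo found in {rel_path}: {url}")
```

Run the scan against the build output before publishing; any finding means the guide should be rebuilt from a remote URL without userinfo, and the exposed credential rotated.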