CVE-2025-30035

N/A

Beschreibung

The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials. Obtaining a session ID is sufficient for session takeover and grants access to the system with the privileges of the targeted user.

CVE Details

CVSS v3.1 BewertungN/A

Veroffentlicht3/2/2026

Zuletzt geandert3/2/2026

Quellenvd

Honeypot-Sichtungen0

Schwachen (CWE)

CWE-306

Referenzen

https://cert.pl/en/posts/2026/03/CVE-2025-10350/(cvd@cert.pl)

https://https://www.cgm.com/pol_pl/products/szpital/cgm-clininet.html(cvd@cert.pl)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.