CVE-2025-30035

Critical CVSS: 9.0

The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials. Obtaining a session ID is sufficient for session takeover and grants access to the system with the privileges of the targeted user.

Vendor

Product

CWE

CWE-306

Yayın Tarihi

2026-03-02 12:16:00

Güncelleme

2026-03-02 20:29:29

Source Identifier

cvd@cert.pl

KEV Date Added

Kategoriler

CWE-306 CRITICAL 2026

Referanslar

https://cert.pl/en/posts/2026/03/CVE-2025-10350/ https://https://www.cgm.com/pol_pl/products/szpital/cgm-clininet.html