CVE-2025-30038

High CVSS: 7.3

The vulnerability consists of a session ID leak when saving a file downloaded from CGM CLININET. The identifier is exposed through a built-in Windows security feature that stores additional metadata in an NTFS alternate data stream (ADS) for all files downloaded from potentially untrusted sources.

Vendor

Product

CWE

CWE-1230

Yayın Tarihi

2025-08-27 11:15:33

Güncelleme

2025-08-29 16:24:09

Source Identifier

cvd@cert.pl

KEV Date Added

Kategoriler

CWE-1230 HIGH 2025

Referanslar

https://cert.pl/en/posts/2025/08/CVE-2025-2313/