CVE-2025-30042

Critical CVSS: 9.0

The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. As a result, possession of the certificate number alone is sufficient for authentication, regardless of the actual presence of the smart card or ownership of the private key.

Vendor

Cgm

Product

Clininet

CWE

CWE-603

Yayın Tarihi

2026-03-02 12:16:01

Güncelleme

2026-03-09 16:49:58

Source Identifier

cvd@cert.pl

KEV Date Added

Kategoriler

CWE-603 Clininet CRITICAL Cgm 2026

Referanslar

https://cert.pl/en/posts/2026/03/CVE-2025-10350/ https://www.cgm.com/pol_pl/products/szpital/cgm-clininet.html

Benzer Kayıtlar

High

CVE-2025-58402

The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks.…

Medium

CVE-2025-58405

The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks, neither HTTP security…

Medium

CVE-2025-58406

The CGM CLININET application respond without essential security HTTP headers, exposing users to client‑side attacks such…