CVE-2025-58402

High CVSS: 7.1

The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users.

Vendor

Cgm

Product

Clininet

CWE

CWE-639

Yayın Tarihi

2026-03-02 12:16:01

Güncelleme

2026-03-09 15:25:56

Source Identifier

cvd@cert.pl

KEV Date Added

Kategoriler

CWE-639 Clininet HIGH Cgm 2026

Referanslar

https://cert.pl/en/posts/2026/03/CVE-2025-10350/ https://www.cgm.com/pol_pl/products/szpital/cgm-clininet.html

Benzer Kayıtlar

Critical

CVE-2025-30042

The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client d…

Medium

CVE-2025-58405

The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks, neither HTTP security…

Medium

CVE-2025-58406

The CGM CLININET application respond without essential security HTTP headers, exposing users to client‑side attacks such…