CVE-2025-30038
BaseFortify
Publication date: 2025-08-27
Last updated on: 2025-08-29
Assigner: CERT.PL
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cgm | clininet | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1230 | The product prevents direct access to a resource containing sensitive information, but it does not sufficiently limit access to metadata that is derived from the original, sensitive information. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves a session ID leak when saving a file downloaded from CGM CLININET. The session identifier is exposed because of a Windows security feature that stores extra metadata in an NTFS alternate data stream (ADS) for files downloaded from potentially untrusted sources. This exposure can allow attackers to access session information unintentionally leaked through these metadata streams.
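An added defensive example, not part of the original page or the vendor's code: Windows writes a download's origin URLs into the `Zone.Identifier` alternate data stream as INI-style text, and this Python code parses that text, reports session-like query parameters and redacts them while keeping `ZoneId`. The parameter-name pattern, the host name and the sample stream are constructed assumptions; the page does not say how CGM CLININET carries the session ID.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: names that commonly carry session identifiers; the page does not
# name the parameter CGM CLININET uses. Only query parameters are inspected.
SESSION_PARAM = re.compile(r"(sess|sid|token|auth)", re.IGNORECASE)
URL_KEYS = {"referrerurl", "hosturl"}  # URL fields Windows stores in the stream

# Constructed sample of a Zone.Identifier stream (not real data).
SAMPLE = """[ZoneTransfer]
ZoneId=3
ReferrerUrl=https://clininet.example.invalid/app/
HostUrl=https://clininet.example.invalid/download?doc=42&sessionid=CONSTRUCTED0123456789
"""

def read_zone_identifier(path):
    """Windows/NTFS only: read the stream attached to a downloaded file."""
    with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
        return fh.read()

def parse_zone_identifier(text):
    """Parse the INI-style stream text into a {key: value} dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def find_session_params(fields):
    """Return (stream field, parameter name) pairs that look like session IDs."""
    return [(key, name)
            for key, value in fields.items() if key.lower() in URL_KEYS
            for name, _ in parse_qsl(urlsplit(value).query, keep_blank_values=True)
            if SESSION_PARAM.search(name)]

def scrub(text):
    """Redact session-like values but keep ZoneId so the download mark stays."""
    out = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() in URL_KEYS:
            parts = urlsplit(value.strip())
            query = [(n, "REDACTED" if SESSION_PARAM.search(n) else v)
                     for n, v in parse_qsl(parts.query, keep_blank_values=True)]
            line = f"{key}={urlunsplit(parts._replace(query=urlencode(query)))}"
        out.append(line)
    return "\n".join(out) + "\n"
```

A file share or export folder can be audited by calling `read_zone_identifier` on each file and passing the result to `find_session_params`.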
How can this vulnerability impact me?
The vulnerability can lead to unauthorized disclosure of session IDs, which may allow attackers to hijack user sessions or gain unauthorized access to the system. This could result in compromised user accounts, including potentially privileged sessions, leading to data breaches or unauthorized actions within the affected software environment.