CVE-2025-30048
BaseFortify
Publication date: 2025-08-27
Last updated on: 2025-08-29
Assigner: CERT.PL
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cgm | clininet | 2025.ms2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the "serverConfig" endpoint being accessible without any authentication. This endpoint returns the module configuration, including credentials, which means unauthorized users can access sensitive configuration data without needing to log in or verify their identity.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized disclosure of sensitive configuration information and credentials. This could allow attackers to gain further access to the system, potentially leading to data breaches, system compromise, or unauthorized actions within the affected environment.