CVE-2025-48981
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-08
Last updated on: 2025-10-08
Assigner: HackerOne
Description
Description
An insecure implementation of the proprietary protocol DNET in Product CGM MEDICO allows attackers within the intranet to eavesdrop and manipulate data on the protocol because encryption is optional for this connection.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| compugroup_medical | cgm_medico | 29.0 |
| compugroup_medical | cgm_medico | 29.01.02.01 |
| compugroup_medical | cgm_medico | 29.1 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-311 | The product does not encrypt sensitive or critical information before storage or transmission. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
An attacker within the intranet could intercept and alter sensitive data communicated via the DNET protocol in CGM MEDICO, potentially leading to data breaches, unauthorized data manipulation, and compromised system integrity.
Can you explain this vulnerability to me?
This vulnerability is due to an insecure implementation of the proprietary protocol DNET in Product CGM MEDICO, where encryption is optional. This allows attackers within the same intranet to eavesdrop on and manipulate data transmitted over this protocol.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70