CVE-2025-10350
SQL Injection in CGM NETRAAD Imageserver Allows Database Access

Publication date: 2026-03-02

Last updated on: 2026-03-02

Assigner: CERT.PL

Description
SQL injection vulnerability in the "imageserver" module of CGM NETRAAD software when processing DICOM C-FIND queries allows an attacker connected to the PACS to gain access to the database, including data processed by CGM CLININET software. This issue affects CGM NETRAAD with the imageserver module in versions before 7.9.0.
Generated: 2026-05-06
Affected Vendors & Products
Vendor  Product   Version / Range
cgm     netraad   before 7.9.0 (7.9.0 excluded)
cgm     clininet  * (all versions)
CWE
CWE-89: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
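As an added illustration of the CWE-89 pattern described above (this is example code written for this page, not code from CGM, CERT.PL or the NETRAAD product), the following Python sketch shows how a C-FIND handler that pastes DICOM matching keys into its SQL text lets a crafted PatientName value rewrite the query, and the parameterised form that does not. The patient table, the column mapping and the three sample rows are constructed for the example; the real NETRAAD imageserver schema is not known from this page.

```python
import sqlite3

# Constructed sample data standing in for an imageserver database.
# Hypothetical schema for illustration; not the CGM NETRAAD schema.
SAMPLE_ROWS = [
    ("P001", "DOE^JOHN", "19700101"),
    ("P002", "SMITH^ANNA", "19850512"),
    ("P003", "DOE^JANE", "19920930"),
]

# Whitelist of C-FIND query keys the handler accepts, mapped to columns.
# An unknown key raises KeyError instead of ever reaching the SQL text.
COLUMNS = {
    "PatientID": "patient_id",
    "PatientName": "patient_name",
    "PatientBirthDate": "birth_date",
}


def make_db() -> sqlite3.Connection:
    """In-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE patient (patient_id TEXT, patient_name TEXT, birth_date TEXT)"
    )
    conn.executemany("INSERT INTO patient VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def dicom_to_like(value: str) -> str:
    """Translate DICOM wildcard matching (* and ?) into a LIKE pattern,
    escaping literal %, _ and backslash so they cannot act as wildcards.
    Must be used with LIKE ... ESCAPE '\\' in the query."""
    out = []
    for ch in value:
        if ch in "%_\\":
            out.append("\\" + ch)
        elif ch == "*":
            out.append("%")
        elif ch == "?":
            out.append("_")
        else:
            out.append(ch)
    return "".join(out)


def find_vulnerable(conn: sqlite3.Connection, keys: dict) -> list:
    """CWE-89 pattern: attribute values from the C-FIND request are pasted
    straight into the SQL text, so a quote inside a value closes the string
    literal and whatever follows is parsed as SQL."""
    clauses = [
        f"{COLUMNS[tag]} LIKE '{value.replace('*', '%').replace('?', '_')}'"
        for tag, value in keys.items()
    ]
    sql = ("SELECT patient_id, patient_name FROM patient WHERE "
           + " AND ".join(clauses) + " ORDER BY patient_id")
    return conn.execute(sql).fetchall()


def find_safe(conn: sqlite3.Connection, keys: dict) -> list:
    """Hardened form: column names come only from the whitelist, values are
    bound parameters and never become part of the SQL text."""
    clauses, params = [], []
    for tag, value in keys.items():
        clauses.append(f"{COLUMNS[tag]} LIKE ? ESCAPE '\\'")
        params.append(dicom_to_like(value))
    sql = ("SELECT patient_id, patient_name FROM patient WHERE "
           + " AND ".join(clauses) + " ORDER BY patient_id")
    return conn.execute(sql, params).fetchall()


if __name__ == "__main__":
    db = make_db()
    legit = {"PatientName": "DOE^*"}
    hostile = {"PatientName": "' OR '1'='1"}
    print("vulnerable, legit:  ", find_vulnerable(db, legit))
    print("vulnerable, hostile:", find_vulnerable(db, hostile))  # every row
    print("safe, hostile:      ", find_safe(db, hostile))        # nothing
```

The hostile key turns the vulnerable WHERE clause into `patient_name LIKE '' OR '1'='1'`, which matches every patient; with a bound parameter the same bytes are compared as a literal pattern and match nothing. Note that DICOM wildcards still have to be translated to LIKE syntax, so the escaping in `dicom_to_like` is what stops a literal `%` or `_` in a patient name from widening a match.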
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


Can you explain this vulnerability to me?

The vulnerability is an SQL Injection issue in the imageserver module of CGM NETRAAD software when processing C-FIND queries. This flaw allows an attacker who is connected to the PACS network to gain unauthorized access to the underlying database, including data processed by the CGM CLININET software. It affects all versions of CGM NETRAAD prior to version 7.9.0.


How can this vulnerability impact me?

This vulnerability can allow an attacker connected to the PACS network to access sensitive database information without authorization. Such unauthorized access could lead to exposure or theft of confidential medical data processed by CGM NETRAAD and CGM CLININET software, potentially compromising patient privacy and the integrity of healthcare data.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability affects CGM NETRAAD software versions prior to 7.9.0. Immediate mitigation involves upgrading the CGM NETRAAD software to version 7.9.0 or later, where this SQL Injection vulnerability in the imageserver module processing C-FIND queries has been fixed.

Additionally, restricting network access to the PACS system to trusted users and monitoring for unusual database access attempts can help reduce risk until the upgrade is applied.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know

