CVE-2025-30035
Authentication Bypass in CGM CLININET Enables Full Account Takeover
Publication date: 2026-03-02
Last updated on: 2026-03-02
Assigner: CERT.PL
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cgm | clininet | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an attacker to completely bypass the authentication process in CGM CLININET. The attacker only needs to supply a username to gain access to any active user account without requiring a password or any other credentials.
By obtaining a session ID, the attacker can take over the session and access the system with the same privileges as the targeted user.
How can this vulnerability impact me?
This vulnerability can have severe impacts as it allows unauthorized access to user accounts in CGM CLININET without needing passwords.
- Attackers can impersonate legitimate users and access sensitive information.
- It can lead to data breaches, unauthorized data modification, or misuse of system privileges.
- The integrity and confidentiality of the system and its data are at high risk.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know