CVE-2025-30035
Lack of API authentication allowing session generation for any user
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials. Obtaining a session ID is sufficient for session takeover and grants access to the system with the privileges of the targeted user.
| CWE | CWE-306 |
| Vendor | cgm |
| Product | cgm clininet |
| Published | Mar 2, 2026 |
| Last Updated | Mar 2, 2026 |
Affected Versions
CGM / CGM CLININET
0 < 2025.MS4
Credits
Maciej Kazulak