CVE-2025-30042

UNKNOWN 0.0

Session generation possible with certificate number only

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. As a result, possession of the certificate number alone is sufficient for authentication, regardless of the actual presence of the smart card or ownership of the private key.

CWE	CWE-603
Vendor	cgm
Product	cgm clininet
Published	Mar 2, 2026
Last Updated	Mar 2, 2026

Stay Ahead of the Next One

Get instant alerts for cgm cgm clininet

Be the first to know when new unknown vulnerabilities affecting cgm cgm clininet are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

CGM / CGM CLININET

0 < 2025.MS2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cert.pl: https://cert.pl/en/posts/2026/03/CVE-2025-10350/ cgm.com: https://www.cgm.com/pol_pl/products/szpital/cgm-clininet.html

Credits

Maciej Kazulak