CVE-2025-58402

UNKNOWN 0.0

Insecure Direct Object Reference Message ID

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users.

CWE	CWE-639
Vendor	cgm
Product	cgm clininet
Published	Mar 2, 2026
Last Updated	Mar 2, 2026

Stay Ahead of the Next One

Get instant alerts for cgm cgm clininet

Be the first to know when new unknown vulnerabilities affecting cgm cgm clininet are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

CGM / CGM CLININET

0 < 2025.MS4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cert.pl: https://cert.pl/en/posts/2026/03/CVE-2025-10350/ cgm.com: https://www.cgm.com/pol_pl/products/szpital/cgm-clininet.html