CVE-2025-30035

CVE-2025-30035

CRITICAL CVSS 4.0: 9.0 EPSS 0.05%

Parameter	Value
CVSS	9.0 (CRITICAL)
Type	CWE-306 (Missing Authentication for Critical Function)
Public PoC	No

The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials. Obtaining a session ID is sufficient for session takeover and grants access to the system with the privileges of the targeted user.

Attack Parameters

Attack Vector

Adjacent

Requires local network access

Attack Complexity

Low

Easy to exploit

Attack Requirements

Present

Additional conditions required

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v4.0

Weakness Type (CWE)

CWE-306 Missing Authentication for Critical Function

References 2

https://cert.pl/en/posts/2026/03/CVE-2025-10350/

cvd@cert.pl

https://https://www.cgm.com/pol_pl/products/szpital/cgm-clininet.html

cvd@cert.pl

Share Post Share Share Share

Menu

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 2

CVE Details

Editor's Choice

Menu

CVE-2025-30035

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 2

CVE Details

Editor's Choice

Stay informed on cybersecurity