Vulnerability Description
The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials. Obtaining a session ID is sufficient for session takeover and grants access to the system with the privileges of the targeted user.
Related Weaknesses (CWE)
References
- https://cert.pl/en/posts/2026/03/CVE-2025-10350/
- https://https://www.cgm.com/pol_pl/products/szpital/cgm-clininet.html
FAQ
What is CVE-2025-30035?
CVE-2025-30035 is a documented vulnerability. The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any othe...
How severe is CVE-2025-30035?
CVSS scoring is not yet available for CVE-2025-30035. Check NVD for updates.
Is there a patch for CVE-2025-30035?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.