CVE-2025-30038

Vulnerability Description

The vulnerability consists of a session ID leak when saving a file downloaded from CGM CLININET. The identifier is exposed through a built-in Windows security feature that stores additional metadata in an NTFS alternate data stream (ADS) for all files downloaded from potentially untrusted sources.

Related Weaknesses (CWE)

CWE-1230

References

https://cert.pl/en/posts/2025/08/CVE-2025-2313/

FAQ

What is CVE-2025-30038?

CVE-2025-30038 is a documented vulnerability. The vulnerability consists of a session ID leak when saving a file downloaded from CGM CLININET. The identifier is exposed through a built-in Windows security feature that stores additional metadata i...

How severe is CVE-2025-30038?

CVSS scoring is not yet available for CVE-2025-30038. Check NVD for updates.

Is there a patch for CVE-2025-30038?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.