Critical severityNVD Advisory· Published Mar 2, 2026· Updated Apr 27, 2026

CVE-2025-30035

Description

The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials. Obtaining a session ID is sufficient for session takeover and grants access to the system with the privileges of the targeted user.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert.pl/en/posts/2026/03/CVE-2025-10350/nvd
https//www.cgm.com/pol_pl/products/szpital/cgm-clininet.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000