Unrated severityNVD Advisory· Published Mar 2, 2026· Updated Mar 2, 2026

Session generation possible with certificate number only

CVE-2025-30042

Description

The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. As a result, possession of the certificate number alone is sufficient for authentication, regardless of the actual presence of the smart card or ownership of the private key.

Affected products

CGM/CLININETllm-fuzzy
CGM/CGM CLININETv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert.pl/en/posts/2026/03/CVE-2025-10350/mitrethird-party-advisory
www.cgm.com/pol_pl/products/szpital/cgm-clininet.htmlmitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000