VYPR
Unrated severity · NVD Advisory · Published Mar 2, 2026 · Updated Mar 2, 2026

Insecure Direct Object Reference Message ID

CVE-2025-58402

Description

The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users.
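The flaw described above, shown as an added example that is not code from CGM CLININET or from the advisory: a lookup that trusts the request's message identifier, beside one that ties the identifier to the authenticated session. The `Message` record, the `owner` field, the function names and the sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Message:
    message_id: int   # sequential identifier, as the advisory describes
    owner: str        # user the message belongs to (assumed ownership model)
    body: str
    attachments: dict = field(default_factory=dict)  # file name -> content


# Constructed sample data, not taken from the affected product.
STORE = {
    1001: Message(1001, "alice", "lab results", {"scan.pdf": b"%PDF-alice"}),
    1002: Message(1002, "bob", "referral letter", {"ref.pdf": b"%PDF-bob"}),
}


class NotFound(Exception):
    """Raised for missing and for unauthorized ids alike, so the response
    does not confirm which identifiers exist."""


def get_message_vulnerable(session_user, message_id):
    # Flawed pattern: the caller is authenticated, but the id from the
    # request is used as-is and never compared with the session user.
    return STORE[message_id]


def get_message(session_user, message_id):
    # Hardened pattern: the object is returned only if it belongs to the
    # user bound to the server-side session.
    msg = STORE.get(message_id)
    if msg is None or msg.owner != session_user:
        raise NotFound(message_id)
    return msg


def get_attachment(session_user, message_id, name):
    # Attachments reuse the parent message's check instead of being
    # fetched through a separate, unchecked path.
    msg = get_message(session_user, message_id)
    if name not in msg.attachments:
        raise NotFound(name)
    return msg.attachments[name]
```

Routing every attachment read through `get_message` keeps a single authorization decision per object, which is also the natural place to log denied lookups for detection.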

Affected products

2
  • CGM/CLININET (llm-fuzzy, 2 versions)
    • (no CPE)
    • (no CPE), range: 0
