Auth bypass in Cgm Clininet

CVE-2025-30035

The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials. Obtaining a session ID i…

Vulnerability class: Broken Authentication

EPSS: 0.000 (15.4th percentile) — read the EPSS interpretation.

Affected products

Cgm Clininet — versions 0

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

cert.pl/en/posts/2026/03/CVE-2025-10350/ (third-party-advisory)
https://www.cgm.com/pol_pl/products/szpital/cgm-clininet.html (product)