RCE in Cgm Clininet
CVE-2025-30044
In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstat_simple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not suffici…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.000 (11.4th percentile) — read the EPSS interpretation.
Affected products
- Cgm Clininet — versions 0
Weakness classification (CWE)
References
- cert.pl/en/posts/2026/03/CVE-2025-10350/ (third-party-advisory)
- www.cgm.com/pol_pl/products/szpital/cgm-clininet.html (product)