RCE in Cgm Clininet

CVE-2025-30055

The "system" function receives untrusted input from the user. If the "EnableJSCaching" option is enabled, it is possible to execute arbitrary code provided as the "Module" parameter.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.001 (18.8th percentile) — read the EPSS interpretation.

Affected products

Cgm Clininet — versions 0

Weakness classification (CWE)

CWE-94 — Code Injection

References

cert.pl/en/posts/2025/08/CVE-2025-2313/