RCE in Cgm Clininet

CVE-2025-30056

The RunCommand function accepts any parameter, which is then passed for execution in the shell. This allows an attacker to execute arbitrary code on the system.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.001 (18.8th percentile) — read the EPSS interpretation.

Affected products

Cgm Clininet — versions 0

Weakness classification (CWE)

CWE-94 — Code Injection

References

cert.pl/en/posts/2025/08/CVE-2025-2313/