RCE in Cgm Clininet

CVE-2025-30057

In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system() call in the ConvertToPDF function.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.002 (41.7th percentile) — read the EPSS interpretation.

Affected products

Cgm Clininet — versions 0

Weakness classification (CWE)

CWE-94 — Code Injection

References

cert.pl/en/posts/2025/08/CVE-2025-2313/