Vulnerability in Cgm Clininet

CVE-2025-58406

The CGM CLININET application respond without essential security HTTP headers, exposing users to client‑side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross‑origin isolation, and missing transport security controls.

EPSS: 0.001 (16.2th percentile) — read the EPSS interpretation.

Affected products

Cgm Clininet — versions 0

Weakness classification (CWE)

CWE-693 — Protection Mechanism Failure

References

cert.pl/en/posts/2026/03/CVE-2025-10350/ (third-party-advisory)
www.cgm.com/pol_pl/products/szpital/cgm-clininet.html (product)