File Download Vulnerability in CliniNET by CERT
CVE-2025-30040

9CRITICAL

Key Information:

Vendor: Cgm
Status: Cgm Clininet
Vendor: CVE Published:; 27 August 2025

What is CVE-2025-30040?

An issue exists within CliniNET that enables unauthorized users to download files containing sensitive session ID information. This is achieved by accessing the vulnerable endpoint '/cgi-bin/CliniNET.prd/utils/userlogxls.pl' without authentication, potentially leading to data breaches and unauthorized access to user sessions.

Affected Version(s)

CGM CLININET 0 < 2024.MS4

References

https://cert.pl/en/posts/2025/08/CVE-2025-2313/

CVSS V4

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 27, 2025
Vulnerability Reserved
Mar 14, 2025

Credit

Maciej Kazulak

Cgm

What is CVE-2025-30040?

Affected Version(s)

References

CVSS V4

Timeline

Credit