CVE 9 CRITICAL

Missing authentication in APIs returning statistical data along with session IDs_CVE-2025-30041

August 27, 2025 invoker category_cve
9 / 10
CRITICAL
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl" expose data containing session IDs.

Basic Information

ID CVE-2025-30041
Source CERT-PL
Published Aug 27, 2025 at 10:21

Affected Product

Vendor CGM
Product CGM CLININET
Affected Versions CGM CGM CLININET 0

CWE Classification

CWE-306

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.