PT-2026-22572 · Unknown+1 · Gcm Clininet+1
Maciej Kazulak
·
Published
2026-03-02
·
Updated
2026-03-09
·
CVE-2025-10350
CVSS v4.0
8.8
High
| Vector | AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L |
Name of the Vulnerable Software and Affected Versions
CGM NETRAAD versions prior to 7.9.0
Description
A SQL Injection issue exists in the "imageserver" module when processing C-FIND queries. This affects CGM NETRAAD software and potentially allows an attacker connected to a PACS system to gain access to the database, including data processed by GCM CLININET software. The issue is present when processing C-FIND queries via the
imageserver module. The API endpoint involved is not specified. The vulnerable parameter is not specified.Recommendations
Update CGM NETRAAD to version 7.9.0 or later.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cgm Netraad
Gcm Clininet