PT-2026-22574 · Unknown · Cgm Clininet System

Maciej Kazulak

Published

2026-03-02

Updated

2026-03-09

CVE-2025-30042

CVSS v4.0

9.0

Critical

Vector

AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions CGM CLININET system (affected versions not specified)

Description The CGM CLININET system uses smart card authentication, but authentication happens locally on the client device. Instead of verifying the smart card and private key, only the certificate number is used for access verification. This means that possessing the certificate number is enough to authenticate, even without the smart card or the correct private key.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-603

Related Identifiers

CVE-2025-30042

Affected Products

Cgm Clininet System

PT-2026-22574 · Unknown · Cgm Clininet System

CVE-2025-30042

Weakness Enumeration

Related Identifiers

Affected Products

References · 10