CVE-2025-30042

Summary

The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. As a result, possession of the certificate number alone is sufficient for authentication, regardless of the actual presence of the smart card or ownership of the private key.

Affected Software

VendorProductVersion RangeStatus
CGMCGM CLININET0 < 2025.MS2affected

Weaknesses

  • CWE-603: CWE-603 Use of Client-Side Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References