CGM CLININET up to 2025.MS3 Message MessageID authorization
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.8 | $0-$5k | 0.00 |
Summary
A vulnerability was found in CGM CLININET up to 2025.MS3. It has been classified as problematic. This affects an unknown part of the component Message Handler. Performing a manipulation of the argument MessageID results in authorization. This vulnerability is cataloged as CVE-2025-58402. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.
Details
A vulnerability, which was classified as problematic, was found in CGM CLININET up to 2025.MS3. This affects an unknown code block of the component Message Handler. The manipulation of the argument MessageID with an unknown input leads to a authorization vulnerability. CWE is classifying the issue as CWE-639. The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. This is going to have an impact on confidentiality. The summary by CVE is:
The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users.
It is possible to read the advisory at cert.pl. This vulnerability is uniquely identified as CVE-2025-58402 since 09/01/2025. The exploitability is told to be easy. It is possible to initiate the attack remotely. Technical details of the vulnerability are known, but there is no available exploit.
Upgrading to version 2025.MS4 eliminates this vulnerability.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Vendor
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒VulDB Reliability: 🔍
CNA CVSS-B Score: 🔒
CNA CVSS-BT Score: 🔒
CNA Vector: 🔒
CVSSv3
VulDB Meta Base Score: 5.9VulDB Meta Temp Score: 5.8
VulDB Base Score: 4.3
VulDB Temp Score: 4.1
VulDB Vector: 🔒
VulDB Reliability: 🔍
NVD Base Score: 7.5
NVD Vector: 🔒
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: AuthorizationCWE: CWE-639 / CWE-285 / CWE-266
CAPEC: 🔒
ATT&CK: 🔒
Physical: No
Local: No
Remote: Yes
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Upgrade: CLININET 2025.MS4
Timeline
09/01/2025 CVE reserved03/02/2026 Advisory disclosed
03/02/2026 VulDB entry created
03/11/2026 VulDB entry last update
Sources
Advisory: cert.plStatus: Confirmed
CVE: CVE-2025-58402 (🔒)
GCVE (CVE): GCVE-0-2025-58402
GCVE (VulDB): GCVE-100-348339
Entry
Created: 03/02/2026 13:56Updated: 03/11/2026 03:07
Changes: 03/02/2026 13:56 (67), 03/09/2026 17:53 (11), 03/11/2026 03:07 (1)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.