CVE-2025-30055
CRITICAL
CGM CLININET < 2024.MS4 - Remote Code Execution via Module Parameter
Title source: llm
Description
The "system" function receives untrusted input from the user. If the "EnableJSCaching" option is enabled, it is possible to execute arbitrary code provided as the "Module" parameter.
References (1)
Core References
Various Sources
https://cert.pl/en/posts/2025/08/CVE-2025-2313/
Scores
CVSS v4: 9.0
EPSS: 0.0022
EPSS Percentile: 11.9%
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-94
Status: published
Products (1)
CGM/CGM CLININET < 2024.MS4
Published: Aug 27, 2025
Tracked Since: Feb 18, 2026