CVE-2025-48981

HIGH

CGM MEDICO - Info Disclosure

Title source: llm

Description

An insecure implementation of the proprietary protocol DNET in Product CGM MEDICO allows attackers within the intranet to eavesdrop and manipulate data on the protocol because encryption is optional for this connection.

References (1)

[Various Sources] https://www.cgm.com/deu_de/allgemein/cybersecurity-en/security-advisoriy.html

Scores

CVSS v3 8.6

EPSS 0.0002

EPSS Percentile 6.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-311

Status published

Products (1)

CompuGroup Medical/CGM MEDICO 29.0 - 29.1

Published Oct 08, 2025

Tracked Since Feb 18, 2026