CVE-2025-58406
MEDIUM
CGM CLININET < 2025.ms3 - Protection Mechanism Failure via Missing Security Headers
Title source: llm
Description
The CGM CLININET application responds without essential HTTP security headers, exposing users to client‑side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross‑origin isolation, and missing transport security controls.
References (2)
Core References
Various Sources third-party-advisory
https://cert.pl/en/posts/2026/03/CVE-2025-10350/
Various Sources product
https://www.cgm.com/pol_pl/products/szpital/cgm-clininet.html
Scores
CVSS v3
4.3
EPSS
0.0018
EPSS Percentile
8.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-693
Status
published
Products (1)
cgm/clininet
< 2025.ms3
Published
Mar 02, 2026
Tracked Since
Mar 02, 2026