7.1

CGM CLININET Exposes User Messages and Attachments to Unauthorized Access

CVE-2025-58402
Summary

CGM CLININET's messaging system does not properly verify user access, allowing hackers to view and access messages and attachments from other users by manipulating a specific parameter in a GET request. This could lead to unauthorized access to sensitive information. To protect your data, update the CGM CLININET application to include proper authorization checks for accessing messages and attachments.

What to do

No fix is available yet. Check with your software vendor for updates.
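
While no fix is available, access logs can be reviewed for one account requesting a run of consecutive MessageID values. The sketch below is an added example, not vendor code; the log format, the `/app/message` path, the user names and the threshold are constructed assumptions, and only the parameter name "MessageID" comes from the advisory.

```python
import re
from collections import defaultdict

# Constructed sample log, format "<user> GET <url> <status>".
# The path and users are hypothetical; adapt LINE_RE to your real log format.
SAMPLE_LOG = """\
alice GET /app/message?MessageID=1001 200
alice GET /app/message?MessageID=1017 200
bob GET /app/message?MessageID=2040 200
bob GET /app/message?MessageID=2041 200
bob GET /app/message?MessageID=2042 200
bob GET /app/message?MessageID=2043 200
bob GET /app/message?MessageID=2044 403
carol GET /app/message?MessageID=3000 200
"""

LINE_RE = re.compile(r"^(\S+) GET \S*[?&]MessageID=(\d+)\S* \d{3}$")


def longest_run(ids):
    """Return the length of the longest run of consecutive integers in ids."""
    seen = set(ids)
    best = 0
    for i in seen:
        if i - 1 not in seen:  # i starts a run
            n = 1
            while i + n in seen:
                n += 1
            best = max(best, n)
    return best


def flag_enumeration(log_text, min_run=4):
    """Map each user to their longest consecutive MessageID run, if >= min_run."""
    per_user = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            per_user[m.group(1)].append(int(m.group(2)))
    runs = {user: longest_run(ids) for user, ids in per_user.items()}
    return {user: run for user, run in runs.items() if run >= min_run}


if __name__ == "__main__":
    for user, run in flag_enumeration(SAMPLE_LOG).items():
        print(f"{user}: {run} consecutive MessageID values requested")
```

A user reading their own messages in order can also produce short runs, so tune `min_run` against normal traffic and treat hits as leads for review rather than confirmed abuse.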

Affected software
Vendor | Product | Affected versions | Fix available
cgm | clininet | <= 2025.ms4 | –
Original title
The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messag...
Original description
The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users.
NVD CVSS 4.0: 7.1
Vulnerability type
CWE-639 Authorization Bypass Through User-Controlled Key
Published: 2 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026