5.3
CGM CLININET Exposes Users to Client-Side Attacks Through Missing Security Headers
CVE-2025-58406
Summary
The CGM CLININET application responds without essential HTTP security headers. This leaves users exposed to client-side attacks such as clickjacking, which can trick them into performing actions unintentionally, and can lead to data theft or unauthorized access. To protect users, the application must be updated to send the necessary security headers.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| cgm | clininet | <= 2025.ms3 | – |
Original title
The CGM CLININET application responds without essential security HTTP headers, exposing users to client‑side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross‑origin isolation,...
Original description
The CGM CLININET application responds without essential security HTTP headers, exposing users to client‑side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross‑origin isolation, and missing transport security controls.
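A way to check a captured response against the five gaps named in the description, as an added example that is not part of the advisory or the vendor's code. The advisory names no specific headers, so the header-to-risk mapping below is an assumption based on standard browser behaviour, and the sample responses are constructed.

```python
# Added example, not vendor code. Maps each risk named in the CVE description
# to the standard response header(s) browsers use to mitigate it.

def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercased-name: value}."""
    headers = {}
    for line in raw.split("\r\n")[1:]:          # skip the status line
        if not line:
            break                               # blank line ends the header block
        name, _, value = line.partition(":")
        key, value = name.strip().lower(), value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return headers

def _directives(value, sep):
    return [d.strip().lower() for d in value.split(sep) if d.strip()]

def _hsts_ok(h):
    for d in _directives(h.get("strict-transport-security", ""), ";"):
        if d.startswith("max-age="):
            age = d[len("max-age="):].strip('"')
            return age.isdigit() and int(age) > 0   # max-age=0 disables HSTS
    return False

def _framing_ok(h):
    xfo = h.get("x-frame-options", "").lower() in ("deny", "sameorigin")
    csp = any(d.startswith("frame-ancestors ")
              for d in _directives(h.get("content-security-policy", ""), ";"))
    return xfo or csp

CHECKS = {
    "clickjacking": _framing_ok,
    "mime-sniffing": lambda h: h.get("x-content-type-options", "").lower() == "nosniff",
    # Assumption: responses carry sensitive data, so only no-store is accepted.
    "unsafe-caching": lambda h: "no-store" in _directives(h.get("cache-control", ""), ","),
    "cross-origin-isolation": lambda h: (
        h.get("cross-origin-opener-policy", "").lower() == "same-origin"
        and h.get("cross-origin-embedder-policy", "").lower() in ("require-corp", "credentialless")),
    "transport-security": _hsts_ok,
}

def missing_protections(raw):
    """Return the sorted risk classes a response leaves unmitigated."""
    h = parse_headers(raw)
    return sorted(name for name, ok in CHECKS.items() if not ok(h))

# Constructed sample responses (not captured from any real deployment).
BARE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"
PARTIAL = ("HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOWALL\r\n"
           "X-Content-Type-Options: nosniff\r\n"
           "Strict-Transport-Security: max-age=0\r\n\r\n")
```

Header presence alone is not enough: the `PARTIAL` sample sends `X-Frame-Options` and `Strict-Transport-Security`, but with values that browsers ignore or that switch the protection off.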
nvd CVSS4.0
5.3
Vulnerability type
CWE-693
Protection Mechanism Failure
Published: 2 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026