CVE-2025-10350 | THREATINT

Description

SQL Injection vulnerability in "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows attacker connected to PACS gaining access to database, including data processed by GCM CLININET software.This issue affects CGM NETRAAD with imageserver module in versions before 7.9.0.

PUBLISHED Reserved 2025-09-12 | Published 2026-03-02 | Updated 2026-03-02 | Assigner CERT-PL

HIGH: 8.8CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L

Problem types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status

affected

Any version before 7.9.0

affected

Credits

Maciej Kazulak finder

References

cert.pl/en/posts/2026/03/CVE-2025-10350/ third-party-advisory

www.cgm.com/pol_pl/products/szpital/cgm-netraad.html product

cve.org (CVE-2025-10350)

nvd.nist.gov (CVE-2025-10350)

Download JSON