CVE-2025-58405 | THREATINT

Description

The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks, neither HTTP security headers nor HTML-based frame‑busting protections were detected. As a result, an attacker can embed the application inside a maliciously crafted IFRAME and trick users into performing unintended actions, including potentially bypassing CSRF/XSRF defenses.

PUBLISHED Reserved 2025-09-01 | Published 2026-03-02 | Updated 2026-03-02 | Assigner CERT-PL

MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-1021 Improper Restriction of Rendered UI Layers or Frames

Product status

Default status

unaffected

Any version before 2025.MS3

affected

References

cert.pl/en/posts/2026/03/CVE-2025-10350/ third-party-advisory

www.cgm.com/pol_pl/products/szpital/cgm-clininet.html product

cve.org (CVE-2025-58405)

nvd.nist.gov (CVE-2025-58405)

Download JSON