CVE-2025-58405

Sažetak

The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks, neither HTTP security headers nor HTML-based frame‑busting protections were detected. As a result, an attacker can embed the application inside a maliciously crafted IFRAME and trick users into performing unintended actions, including potentially bypassing CSRF/XSRF defenses.

Reference

https://cert.pl/en/posts/2026/03/CVE-2025-10350/
https://www.cgm.com/pol_pl/products/szpital/cgm-clininet.html

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

02-03-2026 - 20:29

Objavljeno

02-03-2026 - 12:16