How to fix CVE-2025-58402?

Within 24 hours: Disable public access to the CGM CLININET MessageID parameter or restrict the application to read-only mode if operationally feasible; notify legal and compliance teams of potential data exposure. Within 7 days: Conduct forensic audit of access logs to identify unauthorized message/attachment retrievals; notify affected patients and regulators per breach notification requirements; deploy WAF rules to block sequential parameter manipulation attempts. Within 30 days: Work with CGM to obtain and apply security patch once available; implement mandatory authorization checks on all object-level access; conduct full security review of similar sequential identifier patterns across all applications.

Is Clininet affected by CVE-2025-58402?

CVE-2025-58402 is a HIGH severity vulnerability in CGM CLININET that allows attackers to access confidential patient messages and attachments belonging to other users by manipulating request parameters.

CVE-2025-58402

HIGH

2026-03-02 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Mar 02, 2026 - 12:16 nvd

HIGH 7.5

Description

The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users.

Analysis

Technical Context

Classified as CWE-639 (Authorization Bypass Through User-Controlled Key). Affects Clininet. The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users.

Affected Products

Vendor: Cgm. Product: Clininet.

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +38

POC: 0

CVE-2025-58402 vulnerability details – vuln.today

Back

CVE-2025-58402

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-58402

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code