Cyber Posture

CVE-2025-58402

High

Published: 02 March 2026

Published
02 March 2026
Modified
09 March 2026
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0005 14.4th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-58402 is a high-severity Authorization Bypass Through User-Controlled Key (CWE-639) vulnerability in Cgm Clininet. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 14.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190).
Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

AC-24 Access Control Decisions
addresses: CWE-639

Per-request decision making makes it harder to bypass authorization using user-controlled keys without proper validation in the decision process.

AC-3 Access Enforcement
addresses: CWE-639

Consistent enforcement of approved authorizations makes bypassing via user-controlled keys ineffective.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Authorization bypass via direct object reference in public web app enables remote unauthenticated data access, directly matching exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users.

Deeper analysisAI

CVE-2025-58402 is an authorization bypass vulnerability in the CGM CLININET application, stemming from the use of direct, sequential object identifiers labeled "MessageID" without proper authorization checks. This flaw, associated with CWE-639 (Authorization Bypass Through User-Controlled Key), allows unauthorized access to sensitive data via manipulated GET requests. The vulnerability received a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and was published on 2026-03-02.

An unauthenticated attacker (PR:N) can exploit this vulnerability over the network (AV:N) with low complexity (AC:L) by simply modifying the MessageID parameter in a GET request. Successful exploitation grants access to messages and attachments belonging to other users, resulting in high confidentiality impact (C:H) without affecting integrity or availability.

Mitigation details are referenced in advisories such as the CERT.PL post at https://cert.pl/en/posts/2026/03/CVE-2025-10350/ and the CGM CLININET product page at https://www.cgm.com/pol_pl/products/szpital/cgm-clininet.html. Security practitioners should consult these sources for patching instructions or workarounds specific to the affected application.

Details

CWE(s)
CWE-639

Affected Products

cgm
clininet
≤ 2025.ms4

CVEs Like This One

CVE-2025-30042Same product: Cgm Clininet
CVE-2025-40805Shared CWE-639
CVE-2026-4503Shared CWE-639
CVE-2026-40600Shared CWE-639
CVE-2023-53955Shared CWE-639
CVE-2020-36923Shared CWE-639
CVE-2026-33511Shared CWE-639
CVE-2026-39384Shared CWE-639
CVE-2025-14844Shared CWE-639
CVE-2023-53914Shared CWE-639

References