
CVE-2025-30036: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in CGM CGM CLININET

High
Tags: Vulnerability, CVE-2025-30036, cve, cve-2025-30036, cwe-79
Published: Wed Aug 27 2025 (08/27/2025, 10:19:41 UTC)
Source: CVE Database V5
Vendor/Project: CGM
Product: CGM CLININET

Description

Stored XSS vulnerability exists in the "Oddział" (Ward) module, in the death diagnosis description field, and allows the execution of arbitrary JavaScript code. This can lead to session hijacking of other users and potentially to privilege escalation up to full administrative rights.

AI-Powered Analysis

Last updated: 08/27/2025, 10:51:08 UTC

Technical Analysis

CVE-2025-30036 is a high-severity stored Cross-Site Scripting (XSS) vulnerability identified in the CGM CLININET healthcare software, specifically within the "Oddział" (Ward) module's death diagnosis description field. This vulnerability arises due to improper neutralization of input during web page generation (CWE-79), allowing an attacker to inject and execute arbitrary JavaScript code in the context of other users' browsers. Because the vulnerability is stored, malicious scripts persist in the application’s database and are served to any user accessing the affected module. Exploitation can lead to session hijacking, enabling attackers to impersonate legitimate users, and potentially escalate privileges up to full administrative rights. The CVSS 4.0 base score of 8.8 reflects the vulnerability's high impact on confidentiality, integrity, and availability, with a local attack vector requiring low complexity and partial privileges but no user interaction. The vulnerability affects CGM CLININET versions marked as "0" (likely indicating initial or all versions prior to patching). No public exploits are currently known, but the critical nature of the flaw in a healthcare context demands urgent attention. The vulnerability was reserved in March 2025 and published in August 2025 by CERT-PL, indicating active tracking and disclosure by Polish cybersecurity authorities.

Potential Impact

For European healthcare organizations using CGM CLININET, this vulnerability poses significant risks. Exploitation could lead to unauthorized access to sensitive patient data, manipulation of medical records, and disruption of clinical workflows. Session hijacking could allow attackers to perform actions under legitimate user accounts, including those with elevated privileges, potentially leading to full system compromise. This undermines patient privacy, violates GDPR requirements, and could result in severe reputational damage and regulatory penalties. Additionally, privilege escalation could enable attackers to alter or delete critical medical data, impacting patient care and safety. Given the healthcare sector's critical role and the sensitive nature of the data involved, the threat is particularly severe. The local attack vector implies that attackers need some level of access, such as authenticated user credentials, which may be feasible through phishing or insider threats. The lack of required user interaction for exploitation increases the risk of automated or stealthy attacks within the network.

Mitigation Recommendations

European organizations should immediately audit their CGM CLININET deployments to identify affected versions and restrict access to the "Oddział" module to trusted personnel only. Implement strict input validation and output encoding on all user-supplied data fields, especially the death diagnosis description field, to neutralize malicious scripts. Deploy Web Application Firewalls (WAFs) with custom rules to detect and block XSS payloads targeting this module. Enforce the principle of least privilege for all users, limiting access rights to the minimum necessary. Conduct thorough user activity monitoring and anomaly detection to identify suspicious behavior indicative of exploitation attempts. Since no official patches are currently available, organizations should coordinate with CGM for timely updates and consider temporary compensating controls such as disabling the vulnerable module or restricting its functionality. Additionally, educate staff about phishing and credential security to reduce the risk of initial access. Regularly back up critical data and test incident response plans to prepare for potential compromise scenarios.
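The output-encoding recommendation above is the control that actually removes the CWE-79 root cause: the stored description must be encoded at the moment it is written into HTML, regardless of what was validated on input. The following is an added illustration, not code from CGM CLININET or from this advisory; the record shape, the `deathDiagnosis` field name and the sample record are assumptions constructed for the example. It places the vulnerable concatenation pattern beside its hardened form and adds a Content-Security-Policy header as the defence-in-depth layer that limits damage if an encoding gap is missed elsewhere.

```javascript
// Added example (not CGM CLININET code): server-side output encoding for a
// stored free-text field before it is interpolated into HTML, plus a CSP
// header as a compensating control. Field and record names are assumptions.

// Encode the five characters that change meaning in HTML text and
// double/single-quoted attribute contexts.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern (the CWE-79 shape): the stored description is
// concatenated into markup exactly as it came out of the database.
function renderDiagnosisUnsafe(record) {
  return `<tr><td>${record.patientId}</td><td>${record.deathDiagnosis}</td></tr>`;
}

// Hardened pattern: every stored value is encoded at output time, so any
// markup that reached the database is rendered as literal text.
function renderDiagnosisSafe(record) {
  return `<tr><td>${escapeHtml(record.patientId)}</td>` +
         `<td>${escapeHtml(record.deathDiagnosis)}</td></tr>`;
}

// Defence in depth: a CSP that disallows inline script and limits script
// sources to the application's own origin. Even if some template forgets
// to encode, an injected inline <script> is not executed by the browser.
function securityHeaders() {
  return {
    'Content-Security-Policy':
      "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'",
    'X-Content-Type-Options': 'nosniff',
  };
}

// Simple check used to compare the two renderers: does the produced HTML
// still contain a script tag or an inline event handler attribute?
function containsActiveMarkup(html) {
  return /<script\b|\son\w+\s*=/i.test(html);
}

// Constructed sample record: a description that carries markup, standing in
// for whatever a user could have typed into the free-text field.
const SAMPLE_RECORD = {
  patientId: 'P-0001',
  deathDiagnosis: 'Sepsis <script>document.title = "x"</script>',
};

// Stand-alone run: prints both renderings so the difference is visible.
console.log('unsafe:', renderDiagnosisUnsafe(SAMPLE_RECORD));
console.log('safe:  ', renderDiagnosisSafe(SAMPLE_RECORD));
console.log('headers:', securityHeaders());
```

Encoding belongs in the rendering layer (ideally a templating engine that escapes by default), not in the input path alone: input filtering can be bypassed by data that entered through imports, integrations or older records, while output encoding covers every row the page serves. The CSP header is applied by the web server or framework middleware on every response and is a reasonable temporary compensating control while a vendor fix is pending.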


Technical Details

Data Version
5.1
Assigner Short Name
CERT-PL
Date Reserved
2025-03-14T14:54:23.998Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68aeded3ad5a09ad0061118d

Added to database: 8/27/2025, 10:32:51 AM

Last enriched: 8/27/2025, 10:51:08 AM

Last updated: 8/29/2025, 12:34:44 AM

