CVE-2025-30039 is a critical vulnerability identified in the CGM CLININET product by CGM. The vulnerability is classified under CWE-306, which refers to Missing Authentication for Critical Function. Specifically, the issue lies in the "/cgi-bin/CliniNET.prd/GetActiveSessions.pl" endpoint, which does not require any authentication to access. This flaw allows an unauthenticated attacker to retrieve active user sessions currently logged into the system. Exploiting this vulnerability enables the attacker to hijack any user session, including those with administrative privileges, effectively granting full control over the system without needing valid credentials. The vulnerability has a CVSS 4.0 base score of 9, indicating a critical severity level. The vector details show that the attack requires adjacent network access (AV:A), has low attack complexity (AC:L), does not require privileges (PR:N), and no user interaction (UI:N). The impact on confidentiality, integrity, and availability is high, and the scope is changed, meaning the attacker can affect resources beyond their initial access. No known exploits are currently reported in the wild, but the severity and nature of the vulnerability make it a significant risk. The vulnerability affects version "0" of the product, which likely indicates an early or default version or a placeholder for affected versions. CGM CLININET is a clinical information system used in healthcare environments, which means the vulnerability could expose sensitive patient data and critical healthcare operations to compromise.

For European organizations, especially healthcare providers using CGM CLININET, this vulnerability poses a severe risk. Successful exploitation could lead to unauthorized access to sensitive patient records, manipulation of clinical data, and disruption of healthcare services. The ability to hijack admin sessions means attackers could alter system configurations, disable security controls, or introduce malicious changes that impact patient safety and data integrity. Given the critical nature of healthcare data under regulations such as GDPR, a breach could result in significant legal and financial penalties, loss of patient trust, and operational downtime. Additionally, healthcare systems are often interconnected with other critical infrastructure, so compromise could cascade, affecting broader organizational and national healthcare capabilities. The vulnerability's exploitation without authentication and user interaction makes it highly accessible to attackers with network access, increasing the likelihood of targeted attacks or automated exploitation in adjacent network environments such as hospital intranets or VPNs.

Immediate mitigation should focus on restricting access to the vulnerable endpoint. Network segmentation and strict access controls should be applied to ensure only trusted and authenticated users can reach the "/cgi-bin/CliniNET.prd/GetActiveSessions.pl" endpoint. Implementing Web Application Firewalls (WAF) with custom rules to block unauthenticated requests to this endpoint can provide a temporary protective layer. Organizations should monitor network traffic for unusual access patterns to this CGI endpoint and active session anomalies. Since no patch links are currently available, contacting CGM for official patches or updates is critical. In parallel, organizations should enforce multi-factor authentication (MFA) for all administrative access to reduce the impact of session hijacking. Regular session management reviews, including session timeout policies and invalidation of stale sessions, can limit the window of opportunity for attackers. Finally, conducting internal penetration testing and vulnerability scanning focused on session management and authentication controls in CGM CLININET deployments will help identify and remediate related weaknesses.