CVE-2025-30055: CWE-94 Improper Control of Generation of Code ('Code Injection') in CGM CGM CLININET
The "system" function receives untrusted input from the user. If the "EnableJSCaching" option is enabled, it is possible to execute arbitrary code provided as the "Module" parameter.
AI Analysis
Technical Summary
CVE-2025-30055 is a critical code injection vulnerability classified under CWE-94 (Improper Control of Generation of Code) affecting the CGM CLININET product by CGM. The vulnerability arises because the "system" function within the application processes untrusted user input without proper validation or sanitization. Specifically, when the "EnableJSCaching" option is enabled, an attacker can supply malicious code through the "Module" parameter, which is then executed by the system function. This allows arbitrary code execution on the affected system.

The vulnerability has a CVSS 4.0 base score of 9, indicating critical severity. The vector metrics show that the attack requires adjacent network access (AV:A), low attack complexity (AC:L), no privileges (PR:N), and no user interaction (UI:N), with high impact on confidentiality, integrity, and availability (VC:H, VI:H, VA:H). An attacker on an adjacent network can therefore exploit the vulnerability without authentication or user interaction, leading to full compromise of the affected system. The vulnerability was reserved in March 2025 and published in August 2025, with no known exploits in the wild at the time of reporting.

Given the nature of the flaw and its critical severity, exploitation could lead to complete system takeover, data theft, disruption of services, or further lateral movement within a network. CGM CLININET is a clinical information system used in healthcare environments, which typically handle sensitive patient data and critical healthcare operations. The impact of this vulnerability therefore extends beyond IT security to patient safety and regulatory compliance.
Potential Impact
For European organizations, particularly healthcare providers using CGM CLININET, this vulnerability poses a severe risk. Exploitation could lead to unauthorized access to sensitive patient records, violating GDPR and other data protection regulations, potentially resulting in heavy fines and reputational damage. The ability to execute arbitrary code remotely without authentication means attackers could deploy ransomware, disrupt clinical workflows, or manipulate medical data, directly impacting patient care and safety. Given the critical nature of healthcare infrastructure, such an incident could also strain emergency response and healthcare delivery. Additionally, the disruption of clinical systems could have cascading effects on hospital operations and national healthcare services. The vulnerability's presence in a clinical information system makes it a high-value target for cybercriminals and potentially nation-state actors interested in espionage or sabotage. The lack of known patches at the time of disclosure increases the urgency for organizations to implement compensating controls.
Mitigation Recommendations
1. Immediate mitigation should include disabling the "EnableJSCaching" option if feasible, as this setting enables the vulnerable code path.
2. Apply strict network segmentation to isolate CGM CLININET systems from untrusted networks, limiting access to only trusted adjacent systems and administrators.
3. Implement robust input validation and filtering at network and application layers to detect and block suspicious payloads targeting the "Module" parameter.
4. Monitor logs and network traffic for unusual activity indicative of exploitation attempts, such as unexpected system command executions or anomalous parameter values.
5. Employ application-layer firewalls or web application firewalls (WAFs) with custom rules to block exploitation vectors targeting this vulnerability.
6. Coordinate with CGM for timely patches or updates; if patches are unavailable, consider vendor guidance or temporary workarounds.
7. Conduct thorough security assessments and penetration testing focused on this vulnerability to identify exposure and validate mitigations.
8. Train IT and security staff to recognize exploitation signs and respond rapidly to incidents involving CGM CLININET systems.
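A log-triage sketch for recommendations 3 and 4, added here as an example (it is not CGM's code and not part of the advisory). It assumes the "Module" parameter appears in the URL query string of a web access log and that legitimate module names are plain identifiers; the log lines, paths and allowlist pattern are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: legitimate module names are short identifiers (letters, digits, _ . -).
SAFE_MODULE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}")
REQUEST = re.compile(r'"(?:GET|POST|PUT|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines; the /app/index path is a placeholder, not a real endpoint.
SAMPLE_LOG = [
    '10.0.0.5 - - [27/Aug/2025:10:00:01 +0000] "GET /app/index?Module=Patients HTTP/1.1" 200 512',
    '10.0.0.9 - - [27/Aug/2025:10:00:07 +0000] "GET /app/index?Module=Foo%3Bbar%28%29 HTTP/1.1" 200 87',
    '10.0.0.9 - - [27/Aug/2025:10:00:09 +0000] "GET /app/index?module=Foo%253Bbar HTTP/1.1" 200 87',
    '10.0.0.5 - - [27/Aug/2025:10:00:12 +0000] "GET /static/logo.png HTTP/1.1" 200 2048',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded values are judged in the clear."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_modules(line):
    """Return decoded Module values in one log line that fail the allowlist."""
    match = REQUEST.search(line)
    if not match:
        return []
    hits = []
    query = urlsplit(match.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() != "module":  # match the parameter name case-insensitively
            continue
        clear = fully_decode(value)
        # Anything outside the identifier allowlist, or a ".." run, is flagged.
        if not SAFE_MODULE.fullmatch(clear) or ".." in clear:
            hits.append(clear)
    return hits

def triage(lines):
    """Return (line_number, decoded_value) pairs for every flagged Module value."""
    return [(n, v) for n, line in enumerate(lines, 1) for v in suspicious_modules(line)]

if __name__ == "__main__":
    for line_no, value in triage(SAMPLE_LOG):
        print(f"line {line_no}: anomalous Module value {value!r}")
```

Access logs record only the request line, so parameters sent in a request body need application-level or WAF logging to be covered by the same check.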
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium, Poland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: CERT-PL
- Date Reserved: 2025-03-14T14:55:39.570Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68aeded3ad5a09ad006111a2
Added to database: 8/27/2025, 10:32:51 AM
Last enriched: 8/27/2025, 10:48:43 AM
Last updated: 8/31/2025, 12:34:23 AM