CVE-2025-30059: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in CGM CGM CLININET
In the PrepareCDExportJSON.pl service, the "getPerfServiceIds" function is vulnerable to SQL injection.
AI Analysis
Technical Summary
CVE-2025-30059 is a medium-severity SQL injection vulnerability in CGM CLININET, specifically in the "getPerfServiceIds" function of the PrepareCDExportJSON.pl service. It stems from improper neutralization of special elements used in an SQL command (CWE-89): input reaching the function is incorporated into a query without being parameterized or otherwise neutralized, so an attacker can change the structure of the query rather than merely its data. The CVSS 4.0 vector indicates adjacent network access (AV:A), low attack complexity (AC:L), no additional attack requirements (AT:N, which in CVSS 4.0 describes preconditions such as race conditions or specific deployment states, not authentication), low privileges required (PR:L, so the attacker needs some low-privileged account or foothold on the network where the service is reachable) and no user interaction (UI:N). The impact is high on confidentiality (VC:H) with no impact on integrity or availability. The affected product, CGM CLININET, is a clinical information system used primarily in healthcare settings to manage patient data and clinical workflows. Exploiting this vulnerability could allow an attacker to read data the export function was never meant to return, potentially exposing patient records or other confidential information. Although no known exploits are currently in the wild and no patch has been published yet, a vulnerability of this kind in a healthcare system poses a significant risk because of the sensitivity of the data handled. The CVE was reserved in March 2025 and published in August 2025, indicating recent discovery and disclosure. Because no user interaction is needed and there are no special attack preconditions, any low-privileged position on a network segment adjacent to a CGM CLININET deployment is sufficient to attempt exploitation.
Potential Impact
For European organizations, particularly healthcare providers using CGM CLININET, this vulnerability could lead to unauthorized disclosure of sensitive patient information. Health data is special-category personal data under Article 9 GDPR, so a breach could bring severe regulatory penalties, mandatory notification obligations, reputational damage and loss of patient trust. Because the vulnerability compromises confidentiality without affecting integrity or availability, an attacker can extract data silently, with no service disruption that would prompt an investigation, which makes detection harder. The medium CVSS score reflects the balance between ease of exploitation and an impact limited to confidentiality; given the sensitivity of clinical data, the real-world impact could still be substantial. Healthcare environments are also highly interconnected, and data read through the injection (for example credentials or integration configuration stored in the same database) could support lateral movement to other systems. The absence of known exploits currently provides a window for mitigation, but exploits may be developed rapidly given the low attack complexity and the lack of any user interaction requirement.
Mitigation Recommendations
European healthcare organizations using CGM CLININET should first inventory their deployments to confirm whether an affected version of the PrepareCDExportJSON.pl service is present. Because the vector is adjacent-network, enforce network segmentation so that the CLININET services are reachable only from the clinical systems and administrative hosts that need them, and review which low-privileged accounts can reach the export service at all. The definitive fix, parameterized queries in getPerfServiceIds (plus strict allow-list validation where a value ends up in an IN list or an identifier position that cannot be bound), lies with the vendor; apply the official CGM update as soon as it is released. Until then, a Web Application Firewall with rules tuned to requests for PrepareCDExportJSON.pl can block common SQL injection sequences (quote characters, UNION SELECT, comment markers), with the caveat that WAF rules are a compensating control that a determined attacker can often evade. Monitor web-server and database logs for anomalous queries issued by the export service: UNION clauses, comment sequences, unusually large result sets, or reads of tables the export has no business touching. Tune network intrusion detection to flag SQL injection attempts against the service. Include this vulnerability in the scope of regular security assessments and penetration tests. Finally, establish an incident response plan for breaches of health data that covers rapid containment, forensic preservation of query logs, and the 72-hour supervisory-authority notification required by GDPR Article 33.
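To make the CWE-89 pattern and its fix concrete, the following is an added example in Python against an in-memory SQLite database. It is not code from CGM CLININET or from the PrepareCDExportJSON.pl service: the real query, schema and parameter names are not public, so the table names, the `service_name` parameter and the function names are hypothetical. It contrasts a string-built query, the same lookup with a bound parameter, and a variable-length IN list, which is where parameterization is most often skipped in scripts that build queries from lists.

```python
"""Vulnerable versus parameterized service-ID lookups, illustrating the
CWE-89 pattern behind CVE-2025-30059.

Added example in Python against an in-memory SQLite database. It is NOT
the CLININET PrepareCDExportJSON.pl code: the real query, parameter
names and schema are not public, so every name here is hypothetical.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build constructed sample data: a service table plus a table the
    lookup was never meant to expose."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE perf_service (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO perf_service VALUES (1, 'lab'), (2, 'radiology');
        CREATE TABLE patient (id INTEGER PRIMARY KEY, name TEXT, diagnosis TEXT);
        INSERT INTO patient VALUES (100, 'Test Patient', 'sample diagnosis');
        """
    )
    return conn


def get_perf_service_ids_vulnerable(conn, service_name):
    """Hypothetical CWE-89 pattern: the caller's value is spliced into the
    SQL text, so a quote in the input rewrites the query itself."""
    sql = f"SELECT id FROM perf_service WHERE name = '{service_name}'"
    return [row[0] for row in conn.execute(sql)]


def get_perf_service_ids_safe(conn, service_name):
    """Fixed form: a bound parameter is sent as data, never parsed as SQL,
    so the query's structure cannot change at run time."""
    sql = "SELECT id FROM perf_service WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (service_name,))]


def get_services_by_ids_safe(conn, raw_ids):
    """IN (...) lists are where placeholders are most often skipped, because
    the list length varies. Generate one '?' per value instead of joining
    the raw strings, and allow-list the values as integers first."""
    ids = [int(value) for value in raw_ids]  # raises ValueError on "1 OR 1=1"
    if not ids:
        return []
    placeholders = ",".join("?" * len(ids))  # built from count, not from input
    sql = f"SELECT id, name FROM perf_service WHERE id IN ({placeholders}) ORDER BY id"
    return list(conn.execute(sql, ids))


# Constructed payload: a classic UNION-based read of an unrelated table.
PAYLOAD = "lab' UNION SELECT diagnosis FROM patient --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:   ", get_perf_service_ids_vulnerable(db, PAYLOAD))  # leaks diagnosis
    print("parameterized:", get_perf_service_ids_safe(db, PAYLOAD))       # []
    print("IN-list:      ", get_services_by_ids_safe(db, ["2", "1"]))
```

Run stand-alone, the vulnerable lookup returns the patient's diagnosis alongside the legitimate service ID, while the bound-parameter version returns nothing for the same payload because the whole string is compared as a literal value. In Perl the equivalent of the safe functions is DBI's `prepare` with `?` placeholders followed by `execute(@values)`; the IN-list helper shows the only legitimate reason to build SQL text dynamically, and it builds it from the count of values, never from their content.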
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Belgium, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: CERT-PL
- Date Reserved: 2025-03-14T14:55:39.571Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68aeded4ad5a09ad006111b8
Added to database: 8/27/2025, 10:32:52 AM
Last enriched: 8/27/2025, 10:49:59 AM
Last updated: 9/3/2025, 12:34:11 AM
Related Threats
- CVE-2025-36908: Elevation of privilege in Google Android (Medium)
- CVE-2025-36907: Elevation of privilege in Google Android (High)
- CVE-2025-57263: n/a (High)
- CVE-2025-7388: CWE-77 in Progress Software Corporation OpenEdge (High)
- CVE-2025-36904: Elevation of privilege in Google Android (High)