
CVE-2025-30064: CWE-912 Hidden Functionality in CGM CGM CLININET

High
Tags: Vulnerability, CVE-2025-30064, CWE-912, CWE-347
Published: Wed Aug 27 2025 (08/27/2025, 10:25:20 UTC)
Source: CVE Database V5
Vendor/Project: CGM
Product: CGM CLININET

Description

An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the "ex:action" parameter in the VerifyUserByThrustedService function to generate a session for any user.

AI-Powered Analysis

Last updated: 08/27/2025, 10:47:46 UTC

Technical Analysis

CVE-2025-30064 is a high-severity vulnerability affecting the CGM CLININET product by CGM. The core issue stems from insufficient security controls around an internal function responsible for session generation. Specifically, the decodeParam function processes JSON Web Tokens (JWTs) but fails to verify the signing algorithm used. This flaw allows an attacker to manipulate the "ex:action" parameter within the VerifyUserByThrustedService function to generate authenticated sessions for arbitrary users without proper authorization. The vulnerability is categorized under CWE-912 (Hidden Functionality) and CWE-347 (Improper Verification of Cryptographic Signature). Because the algorithm is not verified, an attacker can potentially craft tokens that declare a weaker algorithm, or the unsigned "none" algorithm, and so bypass the signature check that authentication relies on. Although the vulnerability requires local access (Attack Vector: Local) and high attack complexity, it requires no user interaction and only low privileges to exploit. The impact on confidentiality, integrity, and availability is high, as unauthorized session creation can lead to full account takeover, data exposure, and potential disruption of clinical workflows. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability was published on August 27, 2025, with a CVSS 4.0 score of 8.8, indicating a serious threat to affected systems.

Potential Impact

For European organizations, particularly healthcare providers using CGM CLININET, this vulnerability poses a significant risk. CGM CLININET is a clinical information system used to manage patient data and clinical workflows. Exploitation could allow attackers to impersonate any user, including medical staff or administrators, leading to unauthorized access to sensitive patient records, alteration of clinical data, and disruption of healthcare services. This could result in violations of GDPR due to unauthorized data access, potential harm to patient safety, and reputational damage. The high confidentiality and integrity impact could undermine trust in healthcare IT systems. Additionally, the local attack vector suggests insider threats or attackers who have gained limited access could escalate privileges easily. Given the critical nature of healthcare data and services, exploitation could have severe operational and legal consequences for European healthcare institutions.

Mitigation Recommendations

1. Immediate mitigation should include restricting access to the affected internal functions and monitoring for unusual session generation activity.
2. Implement strict verification of JWT signing algorithms in the decodeParam function so that only the expected, secure algorithm is accepted, rather than whatever algorithm the token header declares.
3. Apply strong cryptographic validation and reject tokens signed with the "none" algorithm or with weak algorithms.
4. Enforce role-based access controls and multi-factor authentication to reduce the risk of unauthorized access even if session generation is compromised.
5. Conduct thorough code audits and penetration testing focused on authentication and session management components.
6. Monitor logs for suspicious use of the "ex:action" parameter or unexpected session creations.
7. Coordinate with CGM for timely patch deployment once available and prioritize updates in healthcare environments.
8. Educate internal staff about insider threat risks and implement network segmentation to limit local access to critical systems.
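The algorithm pinning that recommendations 2 and 3 call for, shown as an added illustration that is not CGM's code: a strict JWT check built only on Python's standard library, which reads the token's "alg" header solely to compare it against a server-side pin and then verifies the HMAC. The secret, the claim names and the function name decode_param_strict are assumptions for the demo, as are the sample tokens constructed at the end.

```python
import base64, hashlib, hmac, json
from typing import Optional

# Constructed demo secret and server-side algorithm pin (assumptions, not CLININET values).
SECRET = b"demo-shared-secret-do-not-use"
EXPECTED_ALG = "HS256"

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_hs256_token(claims: dict) -> str:
    """Mint a correctly signed HS256 token; used here only to build sample input."""
    header = b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    body = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def decode_param_strict(token: str) -> Optional[dict]:
    """Return the claims only if the token carries the pinned algorithm and a valid
    HMAC over header.payload; None on any structural, algorithm or signature failure."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, body_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        given_sig = b64url_decode(sig_b64)
        # "alg" is attacker-controlled input: it must equal the server-side pin, so
        # "none" and any algorithm swap are rejected before any crypto is attempted.
        if not isinstance(header, dict) or header.get("alg") != EXPECTED_ALG:
            return None
        signing_input = f"{header_b64}.{body_b64}".encode()
        expected_sig = hmac.new(SECRET, signing_input, hashlib.sha256).digest()
        if not hmac.compare_digest(expected_sig, given_sig):
            return None
        claims = json.loads(b64url_decode(body_b64))
        return claims if isinstance(claims, dict) else None
    except (ValueError, UnicodeDecodeError):
        return None

# Constructed sample tokens: properly signed; alg=none with an empty signature; and a
# swapped alg header over the unchanged payload and signature.
VALID_TOKEN = make_hs256_token({"sub": "user42", "role": "clinician"})
UNSIGNED_TOKEN = (b64url_encode(b'{"alg":"none","typ":"JWT"}') + "."
                  + b64url_encode(b'{"sub":"admin","role":"clinician"}') + ".")
ALG_SWAP_TOKEN = (b64url_encode(b'{"alg":"HS512","typ":"JWT"}') + "."
                  + ".".join(VALID_TOKEN.split(".")[1:]))
```

Only the properly signed token yields claims; the unsigned and algorithm-swapped tokens are rejected at the pin check before any signature comparison, which is the behaviour a log-based detection for recommendation 6 can key on.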


Technical Details

Data Version
5.1
Assigner Short Name
CERT-PL
Date Reserved
2025-03-14T14:55:39.571Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68aeded4ad5a09ad006111c4

Added to database: 8/27/2025, 10:32:52 AM

Last enriched: 8/27/2025, 10:47:46 AM

Last updated: 8/27/2025, 1:32:51 PM

