EUVD-2025-208150
ID: EUVD-2025-208150
Severity: high
CVSS v4: 7.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)
CVSS v3: Not provided
CWE: None listed
Source: ENISA
Description
The CGM CLININET application uses direct, sequential object identifiers (the "MessageID" parameter) without proper authorization checks. By modifying this parameter in the GET request, an attacker can access messages and attachments belonging to other users.
Timestamps
- Normalized:
- Last updated:
References
No references provided.