CVE-2025-30064
Possibility to generate a session for any user via the "ex:action" parameter after obtaining access to the JWT key
An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the "ex:action" parameter in the VerifyUserByThrustedService function to generate a session for any user.
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Affected products
CGM · CGM CLININETWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →