← back
CVE-2025-58406

Lack of HTTP Response Headers

CVSS 5.3 MEDIUMEPSS 0.2%CWE-693
The CGM CLININET application respond without essential security HTTP headers, exposing users to client‑side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross‑origin isolation, and missing transport security controls.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products
CGM · CGM CLININET

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cert.pl/en/posts/2026/03/CVE-2025-10350/https://www.cgm.com/pol_pl/products/szpital/cgm-clininet.html