CVE-2025-30042 - Session generation possible with certificate number only

CVE ID : CVE-2025-30042 Published : March 2, 2026, 12:16 p.m. | 1 hour ago Description : The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. As a result, possession of the certificate number alone is sufficient for authentication, regardless of the actual presence of the smart card or ownership of the private key. Severity: 9.0 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...