CVE-2025-30038— Session ID leakage in Zone.Identifier of downloaded files

EPSS 0.02% · P7 Updated Aug 28, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-30038

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Session ID leakage in Zone.Identifier of downloaded files

Source: NVD (National Vulnerability Database)

Vulnerability Description

The vulnerability consists of a session ID leak when saving a file downloaded from CGM CLININET. The identifier is exposed through a built-in Windows security feature that stores additional metadata in an NTFS alternate data stream (ADS) for all files downloaded from potentially untrusted sources.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

CWE-1230

Source: NVD (National Vulnerability Database)

Vulnerability Title

CGM CLININET 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

CGM CLININET是德国CGM公司的一款医院信息管理系统。 CGM CLININET存在安全漏洞，该漏洞源于会话ID通过NTFS备用数据流泄露。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
CGM	CGM CLININET	0 ~ 2025.MS1	-

II. Public POCs for CVE-2025-30038

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-30038

请登录查看更多情报信息。

Same Patch Batch · CGM · 2025-08-27 · 17 CVEs total

CVE-2025-2313		RCE via Print.pl in uhcPrintServerPrint
CVE-2025-30037		Missing authentication in APIs allowing data retrieval and modification
CVE-2025-30061		SQL injection in utils/Reporter/OpenReportWindow.pl via the UserID parameter
CVE-2025-30039		Missing authentication in API returning a list of all active sessions
CVE-2025-30064		Possibility to generate a session for any user via the "ex:action" parameter after obtaini
CVE-2025-30040		Missing authentication in API returning request logs containing session IDs
CVE-2025-30063		Excessive permissions on configuration files containing database logins and passwords
CVE-2025-30036		Stored XSS permitting session takeover of arbitrary user
CVE-2025-30056		Calling system commands via RunCommand
CVE-2025-30058		SQL injection in getPatientIdentifier function of PatientService.pl
CVE-2025-30060		SQL injection in ReturnUserUnitsXML.pl via the UserID parameter
CVE-2025-30048		Unauthenticated access to module configuration endpoint
CVE-2025-30057		Authenticated RCE with uhcapache privileges in ConvertToPDF
CVE-2025-30059		Authenticated SQL injection in PrepareCDExportJSON.pl
CVE-2025-30041		Missing authentication in APIs returning statistical data along with session IDs
CVE-2025-30055		Conditional RCE via the "system" function

IV. Related Vulnerabilities

Same product: CGM CLININET

Same vendor: CGM

Same weakness: CWE-1230

V. Comments for CVE-2025-30038

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-30038— Session ID leakage in Zone.Identifier of downloaded files

I. Basic Information for CVE-2025-30038

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-30038

III. Intelligence Information for CVE-2025-30038

Same Patch Batch · CGM · 2025-08-27 · 17 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-30038

Leave a comment