CVE-2025-58405— Lack of protection mechanisms against Clickjacking attacks
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-58405
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Lack of protection mechanisms against Clickjacking attacks
Source: NVD (National Vulnerability Database)
Vulnerability Description
The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks, neither HTTP security headers nor HTML-based frame‑busting protections were detected. As a result, an attacker can embed the application inside a maliciously crafted IFRAME and trick users into performing unintended actions, including potentially bypassing CSRF/XSRF defenses.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
不当限制渲染UI层或帧
Source: NVD (National Vulnerability Database)
Vulnerability Title
CGM CLININET 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CGM CLININET是德国CGM公司的一款医院信息管理系统。 CGM CLININET存在安全漏洞,该漏洞源于未实施任何防止点击劫持攻击的机制,可能导致攻击者将应用程序嵌入恶意制作的IFRAME中并诱使用户执行意外操作。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| CGM | CGM CLININET | 0 ~ 2025.MS3 | - |
II. Public POCs for CVE-2025-58405
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-58405
请登录查看更多情报信息。
- Vulnerabilities in CGM CLININET and CGM NETRAAD software | CERT Polskathird-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-58405
Same Patch Batch · CGM · 2026-03-02 · 8 CVEs total
| CVE-2025-58406 | Lack of HTTP Response Headers | |
| CVE-2025-58402 | Insecure Direct Object Reference Message ID | |
| CVE-2025-30042 | Session generation possible with certificate number only | |
| CVE-2025-30035 | Lack of API authentication allowing session generation for any user | |
| CVE-2025-30062 | SQL injection in CheckUnitCodeAndKey.pl | |
| CVE-2025-30044 | RCE on uhcapache user permissions | |
| CVE-2025-10350 | SQL injection in CGM NETRAAD |
IV. Related Vulnerabilities
Same weakness: CWE-1021
- CVE-2026-3254
Improper Restriction of Rendered UI Layers or Frames in GitL - CVE-2026-2378
Address bar spoofing risk in ArcSearch on Android - CVE-2025-62328
HCL Nomad server on Domino is affected by a missing default - CVE-2026-27511
Tenda F3 Clickjacking in Web Management Interface - CVE-2026-26000
XWiki Platform affected by click-jacking through CSS injecti
V. Comments for CVE-2025-58405
No comments yet