CVE-2025-30057 CRITICAL

CVE-2025-30057: Authenticated RCE with uhcapache privileges in ConvertToPDF

Vendor: Cgm
Product: CGM CLININET
Weakness: CWE-94 · Code injection
Published: August 27, 2025
Last update: August 27, 2025

CVSS base score

9.4/10
Attack vector: Adjacent
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

Description

In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system() call in the ConvertToPDF function.

Key dates

Disclosure timeline

August 27, 2025 CVE published
August 27, 2025 Record updated