← back
CVE-2025-30064

Possibility to generate a session for any user via the "ex:action" parameter after obtaining access to the JWT key

CVSS 8.8 HIGHEPSS 0.1%CWE-347CWE-912
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
27 Aug 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the "ex:action" parameter in the VerifyUserByThrustedService function to generate a session for any user.
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Affected products
CGM · CGM CLININET

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cert.pl/en/posts/2025/08/CVE-2025-2313/