PT-2026-3597 · Unknown · Meddream Pacs Premium

Marcin Icewall

Publicado

2026-01-20

Atualizado

2026-01-24

CVE-2025-53912

CVSS v3.1

9.6

Crítica

Vetor

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions MedDream PACS Premium version 7.3.6.870

Description An arbitrary file read issue exists in the encapsulatedDoc functionality. A specially crafted HTTP request can lead to unauthorized file access. An attacker can send an HTTP request to the encapsulatedDoc endpoint to trigger this issue. The vulnerability allows reading any file on the server.

Recommendations MedDream PACS Premium version 7.3.6.870: As a temporary workaround, consider disabling the encapsulatedDoc endpoint until a patch is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-73

Identificadores relacionados

CVE-2025-53912

Produtos afetados

Meddream Pacs Premium

PT-2026-3597 · Unknown · Meddream Pacs Premium

CVE-2025-53912

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8