CVE-2025-27724 | THREATINT

Description

A privilege escalation vulnerability exists in the login.php functionality of meddream MedDream PACS Premium 7.3.3.840. A specially crafted .php file can lead to elevated capabilities. An attacker can upload a malicious file to trigger this vulnerability.

PUBLISHED Reserved 2025-03-17 | Published 2025-07-28 | Updated 2025-11-03 | Assigner talos

CRITICAL: 9.3CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-284: Improper Access Control

Product status

7.3.3.840

affected

Credits

Discovered by Emmanuel Tacheau of Cisco Talos.

References

www.talosintelligence.com/...ability_reports/TALOS-2025-2156

talosintelligence.com/vulnerability_reports/TALOS-2025-2156

cve.org (CVE-2025-27724)

nvd.nist.gov (CVE-2025-27724)

Download JSON