CRITICAL: 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
7.3.6.870 affected
Description
An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.
Problem types
CWE-73: External Control of File Name or Path
Product status
Credits
Discovered by Marcin 'Icewall' Noga of Cisco Talos.
References
talosintelligence.com/vulnerability_reports/TALOS-2025-2273