CVE-2025-53912

CRITICAL
2026-01-20 [email protected]
9.6
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
PoC Detected
Jan 29, 2026 - 15:26 vuln.today
Public exploit code
CVE Published
Jan 20, 2026 - 15:16 nvd
CRITICAL 9.6

Tags

Information Disclosure Pacs Server

Description

An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send http request to trigger this vulnerability.

Analysis

MedDream PACS Premium 7.3.6.870 has an arbitrary file read vulnerability in the encapsulatedDoc feature that allows attackers to read sensitive server files including DICOM medical records.

Technical Context

MedDream PACS Premium 7.3.6.870's encapsulatedDoc functionality has a CWE-73 external control of file name vulnerability that allows attackers to specify arbitrary file paths, reading any file accessible to the PACS service.

Affected Products

['MedDream PACS Premium 7.3.6.870']

Remediation

Update MedDream PACS. Restrict network access to PACS servers. Monitor for anomalous file access patterns.

Priority Score

68
Low Medium High Critical
KEV: 0
EPSS: +0.2
CVSS: +48
POC: +20

Share

CVE-2025-53912 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy