What is the CVSS score of CVE-2025-53912?

CVE-2025-53912 has a CVSS 3.1 base score of 9.6 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N. EPSS exploitation probability: 0.2%.

Which versions of Pacs Server are affected by CVE-2025-53912?

CVE-2025-53912 presents critical security risk rated CVSS 9.6. Successful exploitation could critically impact the confidentiality, integrity, and availability of affected systems.

Is there a public PoC exploit available for CVE-2025-53912?

Yes, a public proof-of-concept exploit is available for CVE-2025-53912. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2025-53912?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Monitor vendor channels for patch availability.

Pacs Server CVE-2025-53912

CRITICAL

External Control of File Name or Path (CWE-73)

2026-01-20 talos-cna@cisco.com

Information Disclosure Pacs Server

9.6

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.6 CRITICAL

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Jan 29, 2026 - 15:26 vuln.today

Public exploit code

CVE Published

Jan 20, 2026 - 15:16 nvd

CRITICAL 9.6

DescriptionCVE.org

An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send http request to trigger this vulnerability.

AnalysisAI

MedDream PACS Premium 7.3.6.870 has an arbitrary file read vulnerability in the encapsulatedDoc feature that allows attackers to read sensitive server files including DICOM medical records.

Technical ContextAI

MedDream PACS Premium 7.3.6.870's encapsulatedDoc functionality has a CWE-73 external control of file name vulnerability that allows attackers to specify arbitrary file paths, reading any file accessible to the PACS service.

RemediationAI

Update MedDream PACS. Restrict network access to PACS servers. Monitor for anomalous file access patterns.

CVE-2025-53912 vulnerability details – vuln.today

Back