Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
A path Traversal vulnerability exists in Ziostation2 v2.9.8.7 and earlier. A remote unauthenticated attacker may get sensitive information on the operating system.
AnalysisAI
Remote unauthenticated attackers can access sensitive operating system files in Ziostation2 medical imaging software v2.9.8.7 and earlier via path traversal, achieving high confidentiality impact. The vulnerability requires no authentication, low attack complexity, and no user interaction (CVSS:4.0 AV:N/AC:L/PR:N/UI:N), making it easily exploitable from the network. While not currently listed in CISA KEV and lacking public exploit code at time of analysis, the trivial exploitation conditions and exposure of medical system data present significant risk to healthcare organizations using affected versions.
Technical ContextAI
Ziostation2 is a medical imaging workstation from ZIOSOFT used in healthcare environments for diagnostic imaging analysis and visualization. This vulnerability stems from CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), commonly known as path traversal or directory traversal. The flaw allows attackers to manipulate file path references-likely through URL parameters, API endpoints, or file access functions-to escape intended directory boundaries and access files outside the application's designated scope. In medical imaging systems, this could expose DICOM files, patient data, configuration files containing credentials, or underlying Windows/Linux operating system files. The affected product is identified by CPE cpe:2.3:a:ziosoft,_inc.:ziostation2, confirming ZIOSOFT Inc. as the vendor.
RemediationAI
Healthcare organizations should immediately contact ZIOSOFT support to obtain and deploy patched versions newer than v2.9.8.7-exact fix version not specified in available advisories but vendor coordination through JPCERT confirms remediation exists. Consult JPCERT advisory JVN00575116 at https://jvn.jp/en/jp/JVN00575116/ for vendor-specific update instructions and patch availability timelines. As interim compensating controls until patching: isolate Ziostation2 systems behind network segmentation with strict firewall rules allowing only authenticated DICOM and workstation traffic from trusted medical networks, blocking all external Internet access; implement web application firewall (WAF) rules to detect and block path traversal patterns in HTTP requests (../, ..\ sequences, URL-encoded variants); enable comprehensive file access auditing to detect unauthorized file retrieval attempts; and review application access logs for suspicious patterns like repeated 404 errors or requests containing directory traversal strings. Note that network isolation may impact remote radiology workflows and requires coordination with clinical operations. WAF rules may generate false positives with legitimate file access patterns requiring tuning. No workaround fully mitigates the vulnerability-patching remains the definitive remediation.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25140
GHSA-8pjf-p5gm-5gq6