CVE-2025-53912

Published: Jan 20, 2026Modified: Jan 29, 2026

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send http request to trigger this vulnerability.

Affected (1)

Products: Meddream: Pacs Server

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Meddream Pacs Server	Version 7.3.6.870

Related CWEs

External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

References (2)

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2273

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2273

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.