CVE-2025-53912 PUBLISHED

Assigner: talos
Reserved: 22.08.2025 Published: 20.01.2026 Updated: 20.01.2026

An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send http request to trigger this vulnerability.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
CVSS Score: 9.6

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	MedDream
Product	MedDream PACS Premium
Versions	Version 7.3.6.870 is affected

Credits

Discovered by Marcin 'Icewall' Noga of Cisco Talos.

References

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2273

Problem Types

CWE-73: External Control of File Name or Path CWE