CVE-2025-53912
BaseFortify

Publication date: 2026-01-20

Last updated on: 2026-01-29

Assigner: Talos

Description
An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-01-20
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (1 associated CPE)
Vendor: meddream
Product: pacs_server
Version / Range: 7.3.6.870
CWE
CWE-73 (External Control of File Name or Path): The product allows user input to control or influence paths or file names that are used in filesystem operations.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-53912 is a critical arbitrary file read vulnerability in MedDream PACS Premium version 7.3.6.870. It exists in the encapsulatedDoc functionality, specifically in the Pacs/encapsulatedDoc.php script. The vulnerability arises because the 'path' parameter of an authenticated HTTP GET request is URL-decoded and passed straight to a file open operation, with no sanitization and no restriction to a base directory. An attacker with valid credentials can therefore read any file the web server process can open, simply by supplying its path (relative, with '../' components, or absolute) in the request. [1]
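To make the flaw concrete, the following is an added example written for this page; it is not MedDream's code and does not reproduce encapsulatedDoc.php. It models the pattern the advisory describes (URL-decode the 'path' parameter, open it directly) next to a hardened version that resolves the path and refuses anything outside the storage root. The directory layout, file names and function names are assumptions chosen for illustration.

```python
"""
Added example for CVE-2025-53912 (not the vendor's code).  Shows the
vulnerable "decode and open" pattern beside a containment check that
blocks both '../' traversal and absolute paths.
"""
import os
import tempfile
from urllib.parse import unquote


def read_encapsulated_doc_vulnerable(storage_root: str, path_param: str) -> bytes:
    """Mirrors the flaw: URL-decode 'path' and open it with no base-directory
    restriction.  os.path.join() drops storage_root entirely when the decoded
    value is absolute, and '../' components walk out of it."""
    decoded = unquote(path_param)
    with open(os.path.join(storage_root, decoded), "rb") as f:
        return f.read()


def read_encapsulated_doc_hardened(storage_root: str, path_param: str) -> bytes:
    """Hardened form: resolve symlinks and '..' with realpath(), then require
    the resolved target to sit under the resolved storage root."""
    decoded = unquote(path_param)
    root = os.path.realpath(storage_root)
    candidate = os.path.realpath(os.path.join(root, decoded))
    # Containment check: commonpath() equals root only if candidate is inside it.
    if os.path.commonpath([root, candidate]) != root:
        raise PermissionError(f"path escapes storage root: {path_param!r}")
    if not os.path.isfile(candidate):
        raise FileNotFoundError(candidate)
    with open(candidate, "rb") as f:
        return f.read()


def build_fixture() -> tuple:
    """Constructed sample tree (not real data): a storage root holding one
    document, and a secret file one level above the root."""
    base = tempfile.mkdtemp(prefix="pacs_demo_")
    storage = os.path.join(base, "storage")
    os.makedirs(os.path.join(storage, "docs"))
    with open(os.path.join(storage, "docs", "report.pdf"), "wb") as f:
        f.write(b"%PDF-1.4 sample encapsulated document")
    with open(os.path.join(base, "secret.conf"), "wb") as f:
        f.write(b"db_password=hunter2")
    return base, storage


def demo() -> dict:
    """Run both readers against a legitimate path, an encoded traversal and an
    absolute path; return what each one did."""
    base, storage = build_fixture()
    traversal = "..%2Fsecret.conf"          # URL-encoded '../secret.conf'
    absolute = os.path.join(base, "secret.conf")
    results = {
        "legit_vulnerable": read_encapsulated_doc_vulnerable(storage, "docs/report.pdf"),
        "traversal_vulnerable": read_encapsulated_doc_vulnerable(storage, traversal),
        "legit_hardened": read_encapsulated_doc_hardened(storage, "docs/report.pdf"),
    }
    for label, param in (("traversal_hardened", traversal), ("absolute_hardened", absolute)):
        try:
            read_encapsulated_doc_hardened(storage, param)
            results[label] = "allowed"
        except PermissionError:
            results[label] = "blocked"
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

The check is deliberately done on the resolved path rather than on the raw string: rejecting the substring "../" alone misses absolute paths, encoded variants and symlinks, whereas realpath() plus commonpath() answers the only question that matters, namely whether the file finally opened lives under the storage root.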


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation is to apply the vendor's patch, released on 2025-12-05, to every MedDream PACS Premium 7.3.6.870 installation. Until the patch is in place, restrict access to the /Pacs/encapsulatedDoc.php endpoint to trusted users only, enforce strong authentication, and monitor requests to this endpoint. Additionally, consider web application firewall (WAF) rules that block requests whose 'path' parameter contains directory traversal sequences or absolute paths; because the server URL-decodes the parameter, the rules must also cover percent-encoded forms. [1]


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability allows an authenticated attacker to read arbitrary files on the server, potentially disclosing sensitive files. Such unauthorized disclosure of sensitive data could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and health information against unauthorized access. [1]


How can this vulnerability impact me?

This vulnerability can lead to disclosure of any file readable by the web server process, which may include stored medical documents, application configuration and credentials. The direct impact is loss of confidentiality; because disclosed configuration files and credentials can be reused against other components, it can also enable further attacks, up to arbitrary code execution on the medical image server, and so put patient information and the integrity of the server at risk. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Exploitation attempts can be detected by monitoring HTTP GET requests to the /Pacs/encapsulatedDoc.php endpoint that carry a 'path' parameter. Look in particular for values containing '../' sequences, absolute paths, or their percent-encoded forms (for example %2e%2e%2f), since the server URL-decodes the parameter before use. Web server access logs are the simplest source; a first pass is: grep -F '/Pacs/encapsulatedDoc.php?path=' /var/log/apache2/access.log. Because authentication is required to exploit this vulnerability, tie each suspicious request to the authenticated session or user that issued it. [1]
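The grep above only lists every use of the endpoint. The following added example (written for this page, not taken from the vendor or from a detection product) goes one step further and serves both the WAF-rule suggestion and the log-review question: it parses combined-format access-log lines, decodes the 'path' parameter repeatedly so single- and double-encoded traversal is caught, and flags values that reference a parent directory, an absolute path, a Windows drive, or a NUL byte. The log lines, IP addresses, user names and file paths are constructed for illustration.

```python
"""
Added detection example for CVE-2025-53912 (not from the original page).
Scans Apache/nginx combined-format access-log lines for requests to
/Pacs/encapsulatedDoc.php whose 'path' parameter looks like an attempt to
read a file outside the document store.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/Pacs/encapsulatedDoc.php"

# client ip, ident, auth user, timestamp, method, target, status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# '..' as a path component, a leading slash/backslash, a drive letter, or NUL
SUSPICIOUS = re.compile(r'(^|[\\/])\.\.([\\/]|$)|^[\\/]|^[A-Za-z]:[\\/]|\x00')

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - radiologist [20/Jan/2026:10:15:01 +0000] "GET /Pacs/encapsulatedDoc.php?path=docs%2Freport.pdf HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - radiologist [20/Jan/2026:10:15:09 +0000] "GET /Pacs/encapsulatedDoc.php?path=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1893 "-" "Mozilla/5.0"',
    '203.0.113.7 - radiologist [20/Jan/2026:10:15:12 +0000] "GET /Pacs/encapsulatedDoc.php?path=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1893 "-" "Mozilla/5.0"',
    '198.51.100.4 - tech01 [20/Jan/2026:10:16:30 +0000] "GET /Pacs/encapsulatedDoc.php?path=%2Fetc%2Fpasswd HTTP/1.1" 200 1893 "-" "curl/8.4.0"',
    '198.51.100.4 - tech01 [20/Jan/2026:10:16:41 +0000] "GET /Pacs/encapsulatedDoc.php?path=C%3A%5CWindows%5Cwin.ini HTTP/1.1" 404 312 "-" "curl/8.4.0"',
    '192.0.2.9 - - [20/Jan/2026:10:17:00 +0000] "GET /Pacs/login.php?next=..%2F..%2Fetc HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode until the value stops changing (bounded), so that a
    double-encoded '%252e%252e' still ends up as '..'."""
    for _ in range(rounds):
        nxt = unquote(value)
        if nxt == value:
            break
        value = nxt
    return value


def is_suspicious_path(value: str) -> bool:
    """True if the (decoded) 'path' value points outside a document store."""
    return bool(SUSPICIOUS.search(decode_fully(value)))


def scan_log(lines) -> list:
    """Return one finding per suspicious 'path' value sent to the endpoint.
    Requests to other URLs, and benign relative paths, are ignored."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if parts.path != ENDPOINT:
            continue
        # parse_qs performs the first percent-decoding round itself
        for raw in parse_qs(parts.query, keep_blank_values=True).get("path", []):
            if is_suspicious_path(raw):
                findings.append({
                    "ip": m["ip"],
                    "user": m["user"],
                    "time": m["ts"],
                    "status": int(m["status"]),
                    "path": decode_fully(raw),
                })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} user={f['user']} status={f['status']} path={f['path']!r}")
```

A 200 status on a flagged request is the line to escalate: it means the server returned content for a path outside the store. The same SUSPICIOUS pattern, applied to the decoded value, is the logic a WAF rule for this endpoint needs; matching only the literal string "../" would miss the encoded, absolute and drive-letter variants in the sample.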

