CVE-2025-53912
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-20

Last updated on: 2026-01-29

Assigner: Talos

Description
An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send http request to trigger this vulnerability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-20
Last Modified
2026-01-29
Generated
2026-06-16
AI Q&A
2026-01-20
EPSS Evaluated
2026-06-14
NVD
CVE-2025-53912
EUVD
EUVD-2026-3397
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
meddream pacs_server 7.3.6.870
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-73 The product allows user input to control or influence paths or file names that are used in filesystem operations.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-53912 is a critical arbitrary file read vulnerability in MedDream PACS Premium version 7.3.6.870. It exists in the encapsulatedDoc functionality, specifically in the Pacs/encapsulatedDoc.php script. The vulnerability arises because the 'path' parameter from an authenticated HTTP GET request is URL-decoded and used directly in a file open operation without any sanitization or directory restrictions. This allows an attacker with valid authentication to read arbitrary files on the server by specifying their path in the request. [1]

Impact Analysis

This vulnerability can lead to disclosure of sensitive files on the server, which may include confidential medical images or other protected data. Because an attacker can read arbitrary files, it can enable further attacks such as arbitrary code execution. The impact is high confidentiality and integrity loss, potentially exposing sensitive patient information and compromising the security of the medical image server. [1]

Detection Guidance

This vulnerability can be detected by monitoring HTTP GET requests to the /Pacs/encapsulatedDoc.php endpoint that include a 'path' parameter. Specifically, look for requests where the 'path' parameter contains file paths that could lead to arbitrary file reads. For example, you can use network monitoring tools or web server logs to search for requests matching the pattern: GET /Pacs/encapsulatedDoc.php?path=*. An example command to search web server logs for such requests could be: grep '/Pacs/encapsulatedDoc.php?path=' /var/log/apache2/access.log. Additionally, authenticated access is required to exploit this vulnerability, so monitoring authenticated sessions accessing this endpoint is important. [1]

Mitigation Strategies

Immediate mitigation steps include applying the vendor's patch released on 2025-12-05 for MedDream PACS Premium version 7.3.6.870. Until the patch is applied, restrict access to the /Pacs/encapsulatedDoc.php endpoint to trusted users only, enforce strong authentication, and monitor for suspicious requests to this endpoint. Additionally, consider implementing web application firewall (WAF) rules to block requests containing suspicious 'path' parameters that attempt directory traversal or arbitrary file access. [1]

Compliance Impact

This vulnerability allows an authenticated attacker to read arbitrary files on the server, potentially disclosing sensitive files. Such unauthorized disclosure of sensitive data could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and health information against unauthorized access. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-53912. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart