Cyber Posture

CVE-2025-53912

CriticalPublic PoC

Published: 20 January 2026

Published
20 January 2026
Modified
29 January 2026
KEV Added
Patch
CVSS Score 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
EPSS Score 0.0022 44.0th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Description

An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send http request to trigger this vulnerability.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly validates HTTP request inputs to the encapsulatedDoc functionality, preventing specially crafted requests from enabling external control of file paths and arbitrary file reads (CWE-73).

SI-2 Flaw Remediation good match
prevent

Requires timely remediation of the specific flaw in MedDream PACS Premium 7.3.6.870 that allows low-privileged remote attackers to trigger arbitrary file reads via HTTP requests.

AC-6 Least Privilege partial match
prevent

Enforces least privilege for the application process, limiting damage from successful path traversal by restricting access to sensitive files on the server.

Security SummaryAI

CVE-2025-53912 is an arbitrary file read vulnerability in the encapsulatedDoc functionality of MedDream PACS Premium version 7.3.6.870. The issue allows a specially crafted HTTP request to trigger the vulnerability, enabling unauthorized access to files on the affected system. It has been assigned CWE-73 (External Control of File Name or Path) and a CVSS v3.1 base score of 9.6 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N), indicating high severity due to its network accessibility, low attack complexity, and significant impacts on confidentiality and integrity.

An attacker with low privileges, such as an authenticated user, can exploit this vulnerability remotely over the network without requiring user interaction. By sending a malicious HTTP request to the vulnerable endpoint, the attacker can read arbitrary files on the server, potentially exposing sensitive data like configuration files, user credentials, or medical records in a PACS environment. The scoped impact (S:C) amplifies the consequences within the security scope, while the high integrity impact (I:H) suggests potential for data tampering through file access.

Details on mitigation and patches are available in the Cisco Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2273. Security practitioners should consult this report for vendor-recommended updates or workarounds.

Details

CWE(s)
CWE-73

Affected Products

meddream
pacs server
7.3.6.870

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
attack.mitre.org →
T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
attack.mitre.org →
Why these techniques?

Arbitrary file read vulnerability in web application enables exploitation of public-facing application (T1190), data collection from local system (T1005), and access to unsecured credentials in files (T1552.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References