Cyber Resilience

CVE-2025-26469

Critical · Public PoC · LPE · Updated

Published: 28 July 2025
Modified: 17 June 2026
KEV Added
Patch
CVSS Score v3.1: 9.3 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0052 (40.2th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2025-26469 is a critical-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in MedDream PACS Server. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials in Registry (T1552.002). The CVE ranks at the 40.2th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-26469, published on 2025-07-28, is an incorrect default permissions vulnerability (CWE-732) in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium version 7.3.3.840. The issue stems from improper registry key permissions, allowing a specially crafted application to decrypt credentials stored in a configuration-related registry key. It carries a CVSS v3.1 base score of 9.3 (AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to low attack complexity, no privileges or user interaction required, and high impacts across confidentiality, integrity, and availability with scope change.

A local attacker can exploit this vulnerability by executing a malicious script or application on the affected system. No authentication or elevated privileges are needed, enabling unprivileged users with local access—such as via a compromised endpoint or physical access—to decrypt sensitive credentials. Exploitation grants high-level access to configuration data, potentially facilitating further compromise of the MedDream PACS environment.

The primary advisory reference is the Cisco Talos Intelligence report at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2154, which provides additional technical details on the vulnerability.

Vulnerability details

An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium 7.3.3.840. A specially crafted application can decrypt credentials stored in a configuration-related registry key. An attacker can execute a malicious script or application to exploit this vulnerability.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1552.002 Credentials in Registry (Tactic: Credential Access)
Adversaries may search the Registry on compromised systems for insecurely stored credentials.

Why these techniques?

Improper registry permissions directly expose stored credentials for local decryption and access without authentication.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-53912 · Same product: Meddream Pacs Server
CVE-2026-32048 · Shared CWE-732
CVE-2020-36938 · Shared CWE-732
CVE-2025-12985 · Shared CWE-732
CVE-2025-1067 · Shared CWE-732
CVE-2026-25112 · Shared CWE-732
CVE-2026-50209 · Shared CWE-732
CVE-2020-36916 · Shared CWE-732
CVE-2026-23648 · Shared CWE-732
CVE-2024-38337 · Shared CWE-732

Affected Assets

meddream
pacs server
7.3.2.840

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

CM-6 mandates establishing and enforcing restrictive configuration settings on system components like registry keys, directly countering the incorrect default permissions that expose decryptable credentials.

prevent

AC-6 applies least privilege to restrict unprivileged local access to sensitive registry keys storing credentials, preventing exploitation by local attackers.

prevent

AC-3 enforces approved access authorizations on system resources such as registry keys, blocking unauthorized reads of configuration-stored credentials.
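
One way to check the condition that CM-6, AC-6 and AC-3 target, as an added example that is not from the advisory or the vendor: the script lists allow-ACEs that give broad local groups value-read rights on a registry key. The key path is a required parameter because this page does not name the affected key, and the function name `Get-BroadRegistryReadAce` is hypothetical.

```powershell
# Added example: audit a registry key's DACL for value-read rights held by
# groups that include unprivileged local users.
param(
    # Assumption: supply the product's configuration key yourself,
    # e.g. 'HKLM:\SOFTWARE\<vendor>\<key>'; the page does not give the path.
    [Parameter(Mandatory)][string]$KeyPath
)

# Well-known SIDs; matching on SIDs avoids localized group names.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
# The right that lets a principal read values stored under the key.
$ReadMask = [System.Security.AccessControl.RegistryRights]::QueryValues

function Get-BroadRegistryReadAce {
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    # Include explicit and inherited rules, with identities resolved to SIDs.
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        # Limitation: ACEs stored with generic-rights bits are not expanded
        # here, and deny ACEs are not evaluated against the allow ACEs.
        if ($rule.AccessControlType -eq 'Allow' -and
            $BroadSids.ContainsKey($sid) -and
            ($rule.RegistryRights -band $ReadMask)) {
            [pscustomobject]@{
                Key       = $Path
                Principal = $BroadSids[$sid]
                Rights    = $rule.RegistryRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

$findings = @(Get-BroadRegistryReadAce -Path $KeyPath)
if ($findings.Count -eq 0) {
    Write-Output "No broad read ACEs found on $KeyPath"
} else {
    $findings | Format-Table -AutoSize
    exit 1   # non-zero exit so a compliance job can flag the host
}
```

An inherited finding means the permissive ACE is set on a parent key, so the fix belongs there or inheritance on the credential-bearing key has to be broken.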
