CVE-2025-53912
Published: 20 January 2026
Summary
CVE-2025-53912 is a critical-severity External Control of File Name or Path (CWE-73) vulnerability in Meddream Pacs Server. Its CVSS base score is 9.6 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 44.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly validates HTTP request inputs to the encapsulatedDoc functionality, preventing specially crafted requests from enabling external control of file paths and arbitrary file reads (CWE-73).
Requires timely remediation of the specific flaw in MedDream PACS Premium 7.3.6.870 that allows low-privileged remote attackers to trigger arbitrary file reads via HTTP requests.
Enforces least privilege for the application process, limiting damage from successful path traversal by restricting access to sensitive files on the server.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Arbitrary file read vulnerability in web application enables exploitation of public-facing application (T1190), data collection from local system (T1005), and access to unsecured credentials in files (T1552.001).
NVD Description
An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send http request to trigger this vulnerability.
Deeper analysisAI
CVE-2025-53912 is an arbitrary file read vulnerability in the encapsulatedDoc functionality of MedDream PACS Premium version 7.3.6.870. The issue allows a specially crafted HTTP request to trigger the vulnerability, enabling unauthorized access to files on the affected system. It has been assigned CWE-73 (External Control of File Name or Path) and a CVSS v3.1 base score of 9.6 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N), indicating high severity due to its network accessibility, low attack complexity, and significant impacts on confidentiality and integrity.
An attacker with low privileges, such as an authenticated user, can exploit this vulnerability remotely over the network without requiring user interaction. By sending a malicious HTTP request to the vulnerable endpoint, the attacker can read arbitrary files on the server, potentially exposing sensitive data like configuration files, user credentials, or medical records in a PACS environment. The scoped impact (S:C) amplifies the consequences within the security scope, while the high integrity impact (I:H) suggests potential for data tampering through file access.
Details on mitigation and patches are available in the Cisco Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2273. Security practitioners should consult this report for vendor-recommended updates or workarounds.
Details
- CWE(s)