Cyber Resilience

CVE-2025-53912

CriticalPublic PoC

Published: 20 January 2026

Published
20 January 2026
Modified
29 January 2026
KEV Added
Patch
CVSS Score v3.1 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
EPSS Score 0.0044 34.7th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2025-53912 is a critical-severity External Control of File Name or Path (CWE-73) vulnerability in Meddream Pacs Server. Its CVSS base score is 9.6 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 34.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-53912 is an arbitrary file read vulnerability in the encapsulatedDoc functionality of MedDream PACS Premium version 7.3.6.870. The issue allows a specially crafted HTTP request to trigger the vulnerability, enabling unauthorized access to files on the affected system. It has been assigned CWE-73 (External Control of File Name or Path) and a CVSS v3.1 base score of 9.6 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N), indicating high severity due to its network accessibility, low attack complexity, and significant impacts on confidentiality and integrity.

An attacker with low privileges, such as an authenticated user, can exploit this vulnerability remotely over the network without requiring user interaction. By sending a malicious HTTP request to the vulnerable endpoint, the attacker can read arbitrary files on the server, potentially exposing sensitive data like configuration files, user credentials, or medical records in a PACS environment. The scoped impact (S:C) amplifies the consequences within the security scope, while the high integrity impact (I:H) suggests potential for data tampering through file access.

Details on mitigation and patches are available in the Cisco Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2273. Security practitioners should consult this report for vendor-recommended updates or workarounds.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send http request to trigger this vulnerability.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

Arbitrary file read vulnerability in web application enables exploitation of public-facing application (T1190), data collection from local system (T1005), and access to unsecured credentials in files (T1552.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-26469Same product: Meddream Pacs Server
CVE-2025-0211Shared CWE-73
CVE-2019-25472Shared CWE-73
CVE-2026-33354Shared CWE-73
CVE-2024-12036Shared CWE-73
CVE-2026-29611Shared CWE-73
CVE-2026-29962Shared CWE-73
CVE-2026-5210Shared CWE-73
CVE-2026-8043Shared CWE-73
CVE-2026-43891Shared CWE-73

Affected Assets

meddream
pacs server
7.3.6.870

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly validates HTTP request inputs to the encapsulatedDoc functionality, preventing specially crafted requests from enabling external control of file paths and arbitrary file reads (CWE-73).

prevent

Requires timely remediation of the specific flaw in MedDream PACS Premium 7.3.6.870 that allows low-privileged remote attackers to trigger arbitrary file reads via HTTP requests.

prevent

Enforces least privilege for the application process, limiting damage from successful path traversal by restricting access to sensitive files on the server.

References