CVE-2025-24485

5.8 MEDIUM

📋 TL;DR

An unauthenticated server-side request forgery vulnerability in MedDream PACS Premium allows attackers to make arbitrary HTTP requests from the vulnerable server. This could lead to internal network scanning, data exfiltration, or attacks against internal services. All systems running the affected version are vulnerable by default.

💻 Affected Systems

Products:
  • MedDream PACS Premium
Versions: 7.3.5.860
Operating Systems: All platforms running MedDream PACS
Default Config Vulnerable: ⚠️ Yes
Notes: The cecho.php endpoint is accessible without authentication by default.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker accesses internal services, exfiltrates sensitive data, or uses the server as a pivot point for further attacks on the internal network.

🟠

Likely Case

Internal network reconnaissance, limited data exposure from services accessible to the server, or denial of service against internal systems.

🟢

If Mitigated

Limited impact if network segmentation restricts server access to only necessary services and external requests are blocked.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending a specially crafted HTTP request to the cecho.php endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Monitor the vendor for security updates.
2. Apply the patch when it becomes available.
3. Test in a non-production environment first.

🔧 Temporary Workarounds

Block cecho.php endpoint (applies to: all platforms)

Restrict access to the vulnerable cecho.php file using web server configuration or firewall rules.

Apache (server or virtual-host configuration context, mod_rewrite enabled; as written with a leading slash the rule does not apply inside .htaccess):
RewriteEngine On
RewriteRule ^/cecho\.php$ - [F,L]

Nginx (inside the server block that serves MedDream):
location ~ /cecho\.php$ { deny all; }

Network segmentation (applies to: all platforms)

Restrict outbound HTTP/HTTPS connections from the MedDream server to only necessary destinations.

🧯 If You Can't Patch

  • Implement strict network segmentation to limit the server's access to internal resources
  • Deploy a web application firewall with SSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check if cecho.php is accessible without authentication and responds to crafted requests with server-side HTTP calls.

Check Version:

Check MedDream version in administration interface or configuration files

Verify Fix Applied:

Verify cecho.php endpoint is no longer accessible or properly validates input to prevent SSRF.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests to cecho.php with external URLs in parameters
  • Outbound HTTP requests from server to unexpected internal/external destinations

Network Indicators:

  • HTTP traffic from MedDream server to unusual internal IPs or external domains

SIEM Query:

(dest_ip=MedDream_server AND uri_path="/cecho.php") OR (source_ip=MedDream_server AND dest_ip IN [internal_ranges])

Pseudo-query: MedDream_server and internal_ranges are placeholders to replace with the server address and your internal address ranges. The first clause catches inbound requests to the endpoint in web-server logs; the second catches the server itself opening connections to internal hosts in firewall or proxy logs.
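The first log indicator above (requests to cecho.php carrying a URL in a parameter) can be checked offline against web-server access logs. The script below is an added example, not part of this advisory or of the MedDream product: it parses combined-format access-log lines, picks out requests whose path is /cecho.php, flags any query-parameter value that looks like a URL (the page does not name the parameter, so no parameter name is assumed), and classifies the URL's host as internal (private, loopback, link-local or reserved address), an external IP, or an external hostname. The sample log lines are constructed for the demonstration.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlparse

# Constructed sample lines in Apache/Nginx "combined" access-log format.
# They are illustrative only and not taken from any real deployment.
SAMPLE_LOG = """\
203.0.113.10 - - [12/May/2025:10:01:05 +0000] "GET /cecho.php?url=http://169.254.169.254/latest/meta-data/ HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.7 - - [12/May/2025:10:01:09 +0000] "GET /cecho.php?url=http://10.0.0.5:8080/admin HTTP/1.1" 200 1024 "-" "python-requests/2.31"
198.51.100.7 - - [12/May/2025:10:02:11 +0000] "GET /cecho.php?url=https://attacker.example/collect HTTP/1.1" 200 77 "-" "python-requests/2.31"
192.0.2.44 - - [12/May/2025:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
192.0.2.44 - - [12/May/2025:10:03:30 +0000] "GET /cecho.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"
"""

# Client address, timestamp, method, request target and status from a combined-format line.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# A parameter value that starts with a URL scheme ("http://", "https://", "gopher://", ...).
URL_RE = re.compile(r'^[a-zA-Z][a-zA-Z0-9+.-]*://')

# Assumed path of the vulnerable endpoint; only the file name comes from the advisory.
VULNERABLE_PATH = "/cecho.php"


def classify_target(url: str) -> str:
    """Classify where a parameter URL points, from its host component alone."""
    host = urlparse(url).hostname
    if host is None:
        return "malformed"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A DNS name: cannot be classified without resolving it, so report it as external.
        return "external-hostname"
    if ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_reserved:
        return "internal"
    return "external-ip"


def scan_log(text: str) -> list[dict]:
    """Return one finding per URL-shaped parameter value sent to the vulnerable endpoint."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format; skip rather than abort on junk lines
        parsed = urlparse(m["target"])
        if parsed.path.lower() != VULNERABLE_PATH:
            continue
        for name, value in parse_qsl(parsed.query, keep_blank_values=True):
            if URL_RE.match(value):
                findings.append({
                    "client": m["client"],
                    "time": m["ts"],
                    "param": name,
                    "url": value,
                    "target": classify_target(value),
                })
    return findings


def clients_targeting_internal(findings: list[dict]) -> set[str]:
    """Client addresses that pointed the endpoint at an internal address."""
    return {f["client"] for f in findings if f["target"] == "internal"}


if __name__ == "__main__":
    results = scan_log(SAMPLE_LOG)
    for f in results:
        print(f'{f["time"]} {f["client"]} param={f["param"]} target={f["target"]} url={f["url"]}')
    print("clients reaching internal targets:", sorted(clients_targeting_internal(results)))
```

The bare /cecho.php hit without a query string is deliberately not flagged: the advisory's indicator is a URL in the parameters, and plain hits are better counted separately as a baseline. Run the script over a real access log with `scan_log(open(path).read())`; a hit classified as internal is the highest-priority finding because it matches the internal-reconnaissance case described above.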
