CVE-2025-53912
📋 TL;DR
This vulnerability allows attackers to read arbitrary files on MedDream PACS Premium servers by sending specially crafted HTTP requests to the encapsulatedDoc functionality. It affects MedDream PACS Premium version 7.3.6.870, potentially exposing sensitive medical data and system files.
💻 Affected Systems
- MedDream PACS Premium
📦 What is this software?
PACS server by MedDream
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through reading sensitive configuration files, credentials, and patient medical records, potentially leading to data breach, ransomware deployment, or lateral movement.
Likely Case
Exfiltration of sensitive patient data (PHI/PII), system configuration files, and potentially credentials stored in accessible files.
If Mitigated
Limited impact if proper network segmentation, file system permissions, and monitoring are in place to detect and block exploitation attempts.
🎯 Exploit Status
The vulnerability requires sending a specially crafted HTTP request but does not require authentication, making it relatively easy to exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not available
Restart Required: No
Instructions:
1. Contact MedDream vendor for patch availability
2. If patch is available, follow vendor's installation instructions
3. Test in non-production environment first
4. Apply to production systems during maintenance window
🔧 Temporary Workarounds
Network Access Control
Restrict access to the MedDream PACS server to trusted networks and IP addresses only
# Example firewall rule (Linux iptables)
# Replace TRUSTED_IP_RANGE with the CIDR of the networks that need PACS access (placeholder value).
# Order matters: the ACCEPT rules must be appended before the DROP rules.
iptables -A INPUT -p tcp --dport 80 -s TRUSTED_IP_RANGE -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s TRUSTED_IP_RANGE -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP
Web Application Firewall (WAF)
Deploy WAF rules to block requests to the encapsulatedDoc endpoint that contain path traversal patterns
# Example ModSecurity rule
# REQUEST_URI is not URL-decoded by ModSecurity, so t:urlDecodeUni is applied first;
# otherwise a percent-encoded "../" (%2e%2e%2f) would slip past the pattern.
SecRule REQUEST_URI "@rx /encapsulatedDoc.*\.\./" "id:1001,phase:1,t:urlDecodeUni,deny,status:403,msg:'Path traversal attempt detected'"
🧯 If You Can't Patch
- Isolate the MedDream PACS server in a separate network segment with strict access controls
- Implement comprehensive monitoring and alerting for file read attempts and unusual access patterns
🔍 How to Verify
Check if Vulnerable:
Check whether the MedDream PACS Premium version is 7.3.6.870 by reviewing the application version in the admin interface or configuration files
Check Version:
Check the application web interface or configuration files for version information
Verify Fix Applied:
Verify that the version has been updated beyond 7.3.6.870, or test with a controlled exploitation attempt in a non-production environment
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to the /encapsulatedDoc endpoint with file path patterns
- Multiple failed file read attempts
- Requests containing '../' patterns
Network Indicators:
- Unusual outbound data transfers from PACS server
- HTTP requests to encapsulatedDoc from unauthorized sources
SIEM Query:
source="web_server_logs" AND (uri="/encapsulatedDoc" OR uri CONTAINS "../")
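The WAF rule and the SIEM query above both look for a literal "../" in the request URI. A detector that runs over raw web server logs should decode the URI first, because percent-encoded ("%2e%2e%2f") and double-encoded ("%252e%252e%252f") forms represent the same traversal. The following Python script is an added example, not code from this advisory or from MedDream: it parses combined-format access log lines, flags requests to the encapsulatedDoc endpoint that carry a traversal sequence after decoding, and counts hits per source IP so repeated probing from one client stands out. The log lines, IP addresses and the "file=" query parameter are constructed for the example; the real request format of the vulnerable endpoint is not given on this page.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample lines in Apache/nginx combined log format (not real traffic).
# The "file=" parameter name is hypothetical; only the endpoint name comes from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jul/2025:10:01:02 +0000] "GET /encapsulatedDoc?id=123 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Jul/2025:10:01:09 +0000] "GET /encapsulatedDoc?file=../../../etc/passwd HTTP/1.1" 200 1842 "-" "curl/8.0"
203.0.113.7 - - [12/Jul/2025:10:01:11 +0000] "GET /encapsulatedDoc?file=..%2f..%2fconfig.ini HTTP/1.1" 200 301 "-" "curl/8.0"
10.0.0.8 - - [12/Jul/2025:10:02:30 +0000] "GET /viewer/index.html HTTP/1.1" 200 9870 "-" "Mozilla/5.0"
198.51.100.3 - - [12/Jul/2025:10:03:00 +0000] "GET /encapsulatedDoc?file=%2e%2e%5c%2e%2e%5cwin.ini HTTP/1.1" 404 0 "-" "python-requests/2.31"
"""

# Combined log format: client IP, identd, user, [timestamp], "METHOD URI PROTO", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

# A ".." path component followed by "/" or "\" (or at the end of the string), matched after decoding.
TRAVERSAL_RE = re.compile(r"\.\.(?:[/\\]|$)")


def decode_uri(uri: str) -> str:
    """Percent-decode twice so double-encoded sequences (%252e) are normalised as well."""
    return unquote(unquote(uri))


def is_suspicious(uri: str) -> bool:
    """True when the request targets encapsulatedDoc and contains a traversal sequence."""
    decoded = decode_uri(uri)
    return "/encapsulateddoc" in decoded.lower() and TRAVERSAL_RE.search(decoded) is not None


def parse_line(line: str):
    """Return the parsed fields of one access log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def scan_log(text: str):
    """Return (flagged records, Counter of flagged requests per source IP)."""
    hits = []
    per_ip = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if is_suspicious(rec["uri"]):
            hits.append(rec)
            per_ip[rec["ip"]] += 1
    return hits, per_ip


if __name__ == "__main__":
    flagged, by_ip = scan_log(SAMPLE_LOG)
    for rec in flagged:
        print(f"{rec['ts']} {rec['ip']} {rec['method']} {rec['uri']} -> {rec['status']}")
    for ip, n in by_ip.most_common():
        print(f"{ip}: {n} traversal request(s) to encapsulatedDoc")
```

Feeding a real access log into scan_log (one line per request) gives the same two views: the individual requests to raise as alerts, and the per-source count that the "Multiple failed file read attempts" indicator refers to. A 200 status on a flagged line deserves the highest priority, since it suggests the server returned content.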