CVE-2024-7872 HIGH

CVE-2024-7872: Sensetive Data Exposure in ExtremePACS' Extreme XDS

Vendor Extremepacs
Product Extreme XDS
Weakness CWE-201
Published March 6, 2025
Last update June 2, 2026

CVSS base score

7.6/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

Insertion of Sensitive Information Into Sent Data vulnerability in ExtremePACS Extreme XDS allows Retrieve Embedded Sensitive Data. This issue affects Extreme XDS: before 3933.

Key dates

02Disclosure timeline

March 6, 2025 CVE published
June 2, 2026 Record updated