CVE-2025-24485 MEDIUM

CVE-2025-24485

Vendor Meddream

Product MedDream PACS Premium

Weakness CWE-918 · SSRF

Published July 28, 2025

Last update November 3, 2025

View on NVD All CVEs

CVSS base score

5.8/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

A server-side request forgery vulnerability exists in the cecho.php functionality of MedDream PACS Premium 7.3.5.860. A specially crafted HTTP request can lead to SSRF. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Key dates

02Disclosure timeline

July 28, 2025 CVE published

November 3, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-24485 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/918.html

Related vulnerabilities

04Related CVE

CVE-2025-12800 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.5 - Authenticated (Administrator+) Server-Side Request Forgery CVE-2025-32487 WordPress Waymark plugin <= 1.5.2 - Server Side Request Forgery (SSRF) Vulnerability CVE-2022-3708 Web Stories <= 1.24.0 - Server Side Request Forgery CVE-2025-53760 Microsoft SharePoint Elevation of Privilege Vulnerability CVE-2026-29178 Lemmy: Unauthenticated SSRF via file_type query parameter injection in image endpoint