CVE-2025-53912 CRITICAL

CVE-2025-53912

Vendor Meddream
Product MedDream PACS Premium
Weakness CWE-73
Published January 20, 2026
Last update January 20, 2026

CVSS base score

9.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send http request to trigger this vulnerability.

Key dates

02Disclosure timeline

January 20, 2026 CVE published
January 20, 2026 Record updated