Server-Side Request Forgery in MedDream PACS by MedDream
CVE-2025-24485

5.8MEDIUM

Key Information:

Vendor: Meddream
Status: Meddream Pacs Premium
Vendor: CVE Published:; 28 July 2025

What is CVE-2025-24485?

A server-side request forgery vulnerability has been identified in the cecho.php functionality of MedDream PACS Premium 7.3.5.860. This flaw allows an attacker to send a specially crafted HTTP request, which can lead to unauthorized internal requests being made. This can compromise sensitive internal resources and potentially lead to further exploitation if not mitigated.

Affected Version(s)

MedDream PACS Premium 7.3.5.860

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2025
Vulnerability Reserved
Apr 22, 2025

Credit

Discovered by Marcin 'Icewall' Noga of Cisco Talos.