INFINITT Healthcare INFINITT PACS Unrestricted Upload of File with Dangerous Type
CVE-2025-24489

5.3MEDIUM

Key Information:

Vendor

Infinitt Healthcare

Status
Infinitt Pacs System Manager
Vendor
CVE Published:
21 August 2025

What is CVE-2025-24489?

An attacker could exploit this vulnerability by uploading arbitrary files via a specific service, which could lead to system compromise.

Affected Version(s)

INFINITT PACS System Manager 0 <= 3.0.11.5 BN9

INFINITT PACS System Manager 3.0.11.5 BN10

References

https://www.cisa.gov/news-events/ics-medical-advisories/i...

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Piotr Kijewski of the Shadowserver Foundation reported these vulnerabilities to CISA.
.
CVE-2025-24489 : File Upload Vulnerability in XYZ Product by ABC Vendor