Incorrect Default Permissions in MedDream PACS Premium by MedDream
CVE-2025-26469

9.3CRITICAL

Key Information:

Vendor

Meddream

Status
Meddream Pacs Premium
Vendor
CVE Published:
28 July 2025

What is CVE-2025-26469?

An incorrect default permissions vulnerability is present in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium version 7.3.3.840. This flaw allows a specially crafted application to access and decrypt sensitive credentials stored in a configuration-related registry key. By exploiting this vulnerability, an attacker could potentially execute a malicious script, compromising the security and confidentiality of user data within the system.

Affected Version(s)

MedDream PACS Premium 7.3.3.840

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Discovered by Emmanuel Tacheau of Cisco Talos.
.
CVE-2025-26469 : Incorrect Default Permissions in MedDream PACS Premium by MedDream