INFINITT Healthcare INFINITT PACS Unrestricted Upload of File with Dangerous Type
CVE-2025-27714

5.3MEDIUM

Key Information:

Vendor: Infinitt Healthcare
Status: Infinitt Pacs System Manager
Vendor: CVE Published:; 21 August 2025

🔔 Create Infinitt Healthcare Vulnerability Alert

What is CVE-2025-27714?

An attacker could exploit this vulnerability by uploading arbitrary files via the a specific endpoint, leading to unauthorized remote code execution or system compromise.

Affected Version(s)

INFINITT PACS System Manager 0 <= 3.0.11.5 BN9

INFINITT PACS System Manager 3.0.11.5 BN10

References

https://www.cisa.gov/news-events/ics-medical-advisories/i...

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 21, 2025
Vulnerability Reserved
Mar 19, 2025

Credit

Piotr Kijewski of the Shadowserver Foundation reported these vulnerabilities to CISA.