Privilege Escalation in MedDream PACS Premium by Meddream
CVE-2025-27724

9.3CRITICAL

Key Information:

Vendor: Meddream
Status: Meddream Pacs Premium
Vendor: CVE Published:; 28 July 2025

What is CVE-2025-27724?

A vulnerability exists within the login.php functionality of MedDream PACS Premium, where an attacker can exploit a specially crafted .php file to gain elevated privileges. This flaw allows unauthorized individuals to upload malicious files, which can compromise system integrity and potentially give attackers the ability to manipulate or access sensitive data, leading to significant security risks.

Affected Version(s)

MedDream PACS Premium 7.3.3.840

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2025
Vulnerability Reserved
Mar 17, 2025

Credit

Discovered by Emmanuel Tacheau of Cisco Talos.