exploitDog

CVE-2025-24485

Опубликовано: 28 июл. 2025

Источник: nvd

CVSS3: 5.8

CVSS3: 7.5

EPSS Низкий

Описание

A server-side request forgery vulnerability exists in the cecho.php functionality of MedDream PACS Premium 7.3.5.860. A specially crafted HTTP request can lead to SSRF. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2177
Exploit
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2177

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:meddream:pacs_server:7.3.5.860:*:*:*:premium:*:*:*

EPSS

Процентиль: 14%

0.00044

Низкий

5.8 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-918

Связанные уязвимости

GHSA-w28g-rm5j-24w5

CVSS3: 5.8

github

6 месяцев назад

A server-side request forgery vulnerability exists in the cecho.php functionality of MedDream PACS Premium 7.3.5.860. A specially crafted HTTP request can lead to SSRF. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

EPSS

Процентиль: 14%

0.00044

Низкий

5.8 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-918