exploitDog

CVE-2025-26469

Опубликовано: 28 июл. 2025

Источник: nvd

CVSS3: 9.3

CVSS3: 9.8

EPSS Низкий

Описание

An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium 7.3.3.840. A specially crafted application can decrypt credentials stored in a configuration-related registry key. An attacker can execute a malicious script or application to exploit this vulnerability.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2154
Exploit
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2154

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:meddream:pacs_server:7.3.2.840:*:*:*:premium:*:*:*

EPSS

Процентиль: 21%

0.00067

Низкий

9.3 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-732

Связанные уязвимости

GHSA-798q-fhcc-4r5j

CVSS3: 9.3

github

6 месяцев назад

An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium 7.3.3.840. A specially crafted application can decrypt credentials stored in a configuration-related registry key. An attacker can execute a malicious script or application to exploit this vulnerability.

EPSS

Процентиль: 21%

0.00067

Низкий

9.3 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-732