CVE-2025-26469

An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium 7.3.3.840. A specially crafted application can decrypt credentials stored in a configuration-related registry key. An attacker can execute a malicious script or application to exploit this vulnerability.

CVSS v3 9.3 CRITICAL

9.3^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2154

Configurations

No configuration.

History

29 Jul 2025, 14:14

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de permisos predeterminados incorrectos en la función CServerSettings::SetRegistryValues de MedDream PACS Premium 7.3.3.840. Una aplicación especialmente manipulada puede descifrar las credenciales almacenadas en una clave de registro relacionada con la configuración. Un atacante puede ejecutar un script o aplicación maliciosa para explotar esta vulnerabilidad.

28 Jul 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-28 14:15

Updated : 2025-07-29 14:14

NVD link : CVE-2025-26469

Mitre link : CVE-2025-26469

CVE.ORG link : CVE-2025-26469

JSON object : View

Products Affected

No product.

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

9.3 /10