6 matches found
CVE-2025-24485
A server-side request forgery vulnerability exists in the cecho.php functionality of MedDream PACS Premium 7.3.5.860. A specially crafted HTTP request can lead to SSRF. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2025-24485
creationtimestamp| type| source ---|---|--- 2025-07-28 15:37:03+00:00| seen| https://bsky.app/profile/buherator.bsky.social/post/3luzwc47lt52v 2025-07-28 15:45:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3luzws43yrx2b...
CVE-2025-24485
A server-side request forgery vulnerability exists in the cecho.php functionality of MedDream PACS Premium 7.3.5.860. A specially crafted HTTP request can lead to SSRF. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2025-24485
A server-side request forgery vulnerability exists in the cecho.php functionality of MedDream PACS Premium 7.3.5.860. A specially crafted HTTP request can lead to SSRF. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2025-24485
MedDream PACS Premium 7.3.5.860 is affected by CVE-2025-24485: a pre-auth SSRF in cecho.php that lets an unauthenticated attacker craft HTTP requests to influence an Association object and potentially map internal hosts via fsockopen, as detailed by Talos (CVE-2025-24485, CVSS ~5.8). Talos provid...
MedDream PACS Premium cecho.php SSRF vulnerability
Talos Vulnerability Report TALOS-2025-2177 MedDream PACS Premium cecho.php SSRF vulnerability July 28, 2025 CVE Number CVE-2025-24485 SUMMARY A server-side request forgery vulnerability exists in the cecho.php functionality of MedDream PACS Premium 7.3.5.860. A specially crafted HTTP request can...