216.73.216.45

CVE-2018-25124

· Published 10/11/2025 23:15 · Modified 20/11/2025 22:15

Labels: CVE-2018-25124 2025-11-10CVE-2018-25124CWE-22[email protected]

Essential information

Published
10/11/2025 23:15
Modified
20/11/2025 22:15
Author
Creator
CVSS
8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

PacsOne Server version 6.6.2 (prior versions are likely affected) contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the 'nocache.php' endpoint with a crafted 'path' parameter. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

References