An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium 7.3.3.840.
A specially crafted application can decrypt credentials stored in a configuration-related registry key.
An attacker can execute a malicious script or application to exploit this vulnerability.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Meddream |
|
No data.
No data.
References
History
Tue, 29 Jul 2025 10:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Meddream
Meddream pacs Premium |
|
| Vendors & Products |
Meddream
Meddream pacs Premium |
Mon, 28 Jul 2025 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 28 Jul 2025 14:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium 7.3.3.840. A specially crafted application can decrypt credentials stored in a configuration-related registry key. An attacker can execute a malicious script or application to exploit this vulnerability. | |
| Weaknesses | CWE-732 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: talos
Published: 2025-07-28T13:36:21.156Z
Updated: 2025-07-28T14:50:45.718Z
Reserved: 2025-02-28T14:06:03.063Z
Link: CVE-2025-26469
Vulnrichment
Updated: 2025-07-28T14:50:41.738Z
NVD
Status : Awaiting Analysis
Published: 2025-07-28T14:15:26.290
Modified: 2025-07-29T14:14:29.590
Link: CVE-2025-26469
Redhat
No data.