An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying system by sending a crafted request to the /exportFile endpoint using the UID parameter. Successful exploitation can reveal sensitive files accessible by the web server user.
History

Wed, 23 Jul 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 23 Jul 2025 14:00:00 +0000

Type Values Removed Values Added
Description An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying system by sending a crafted request to the /exportFile endpoint using the UID parameter. Successful exploitation can reveal sensitive files accessible by the web server user.
Title Dicoogle PACS Web Server 2.5.0 Unauthenticated Path Traversal
Weaknesses CWE-22
References
Metrics cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-07-23T13:50:31.369Z

Updated: 2025-07-23T14:47:46.824Z

Reserved: 2025-07-22T19:54:55.579Z

Link: CVE-2018-25113

Vulnrichment

Updated: 2025-07-23T14:47:35.267Z

NVD

Status: Awaiting Analysis

Published: 2025-07-23T14:15:32.300

Modified: 2025-07-25T15:29:44.523

Link: CVE-2018-25113

Redhat

No data.