Softneta — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/vendors/softneta/Trending threats, MITRE ATT&CK coverage, and detection metadata. Fed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioTue, 26 May 2026 14:15:51 +0000Softneta MedDream PACS Server Premium Directory Traversal Vulnerability (CVE-2018-25374)https://feed.craftedsignal.io/briefs/2026-05-meddream-directory-traversal/Tue, 26 May 2026 14:15:51 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-meddream-directory-traversal/Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability, tracked as CVE-2018-25374, allowing unauthenticated attackers to read arbitrary files by manipulating the path parameter in requests to nocache.php.CVE-2018-25374 is a directory traversal vulnerability affecting Softneta MedDream PACS Server Premium version 6.7.1.1. This vulnerability allows unauthenticated attackers to read arbitrary files on the server. By manipulating the path parameter in requests to the nocache.php endpoint with encoded backslash sequences, attackers can bypass directory traversal protections and access sensitive files, potentially including system configuration files and password files. The vulnerability was reported on 2026-05-25 and poses a significant risk as it allows unauthorized access to sensitive information without requiring authentication. Exploitation is straightforward, increasing the likelihood of successful attacks.

Attack Chain

  1. An unauthenticated attacker identifies a MedDream PACS Server Premium 6.7.1.1 instance.
  2. The attacker crafts a malicious HTTP GET request targeting the nocache.php endpoint.
  3. The attacker injects a directory traversal payload into the path parameter using encoded backslash sequences (e.g., %2E%2E%2F for ../).
  4. The server processes the request without proper sanitization of the path parameter.
  5. The server attempts to read the file specified by the manipulated path, traversing directories outside of the intended web root.
  6. If successful, the server returns the contents of the targeted file in the HTTP response.
  7. The attacker retrieves sensitive information, such as configuration files or password hashes.

Impact

Successful exploitation of CVE-2018-25374 allows unauthenticated attackers to read arbitrary files on the affected server. This can lead to the disclosure of sensitive information, including system credentials, configuration details, and patient data. The vulnerability affects Softneta MedDream PACS Server Premium 6.7.1.1, potentially impacting healthcare organizations that rely on this software for medical image archiving and communication. Compromise of such data can lead to regulatory fines, reputational damage, and potential legal liabilities.

Recommendation

  • Deploy the Sigma rule Detect MedDream PACS Directory Traversal via nocache.php to identify exploitation attempts targeting CVE-2018-25374 by monitoring for encoded backslash sequences in requests to nocache.php.
  • Apply appropriate input validation and sanitization to the path parameter in nocache.php to prevent directory traversal, as outlined in the CVE-2018-25374 description.
  • Review the vendor’s website for potential patches or mitigation steps for CVE-2018-25374.
]]>highthreatdirectory-traversalweb-applicationCVE-2018-25374