CVE-2018-25124 – PacsOne Server Directory Traversal Vulnerability

CVE ID : CVE-2018-25124

Published : Nov. 10, 2025, 11:15 p.m. | 15 minutes ago

Description : PacsOne Server version 6.6.2 (prior versions are likely affected) contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the ‘nocache.php’ endpoint with a crafted ‘path’ parameter. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-07 UTC.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…