WWBN, MedDream, Eclipse vulnerabilities

WWBN, MedDream, Eclipse vulnerabilities

/in

WWBN, MedDream, Eclipse vulnerabilities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed seven vulnerabilities in WWBN AVideo, four in MedDream, and one in an Eclipse ThreadX module.

The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.    

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.     

WWBN XSS, race condition, incomplete blacklist vulnerabilities

Discovered by Claudio Bozzato of Cisco Talos.

WWBN AVideo is a video streaming platform with hosting, management, and video monetization features.

Talos found five cross-site scripting (XSS) vulnerabilities in WWBN AVideo 14.4 and dev master commit 8a8954ff:

A specially crafted HTTP request can lead to arbitrary Javascript execution in all five cases. An attacker must get a user to visit a webpage to trigger these vulnerabilities.

Additionally, Talos identified two vulnerabilities that, when chained together, can lead to arbitrary code execution:

TALOS-2025-2212 (CVE-2025-25214) A race condition vulnerability exists in the aVideoEncoder.json.php unzip functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A series of specially crafted HTTP requests can lead to arbitrary code execution.

TALOS-2025-2213 (CVE-2025-48732) An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can request a .phar file to trigger this vulnerability.

MedDream

Discovered by Emmanuel Tacheau and Marcin Noga of Cisco Talos.

MedDream PACS Premium is a DICOM 3.0 compliant picture archiving and communication system for the medical industry. The PACS server provides connectivity to all DICOM modalities (CR, DX, CT, MR, US, XA, etc.).

Talos found four unique MedDreams PACS Premium vulnerabilities.

TALOS-2025-2154 (CVE-2025-26469) is an incorrect default permissions vulnerability in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium 7.3.3.840. A specially crafted application can decrypt credentials stored in a configuration-related registry key. An attacker can execute a malicious script or application to exploit this vulnerability.

TALOS-2025-2156 (CVE-2025-27724) is a privilege escalation vulnerability in the login.php functionality of meddream MedDream PACS Premium 7.3.3.840. A specially crafted .php file can lead to elevated capabilities. An attacker can upload a malicious file to trigger this vulnerability.

TALOS-2025-2176 (CVE-2025-32731) is a reflected XSS vulnerability in the radiationDoseReport.php functionality of meddream MedDream PACS Premium 7.3.5.860. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

TALOS-2025-2177 (CVE-2025-24485) is a server-side request forgery (SSRF) vulnerability in the cecho.php functionality of MedDream PACS Premium 7.3.5.860. A specially crafted HTTP request can lead to SSRF. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Eclipse ThreadX FileX integer underflow vulnerability

Discovered by Kelly Patterson of Cisco Talos.

Eclipse ThreadX is an embedded development suite for an advanced real-time operating system (RTOS) that provides efficient performance for resource-constrained devices. 

TALOS-2024-2088 is a buffer overflow vulnerability in the FileX RAM disk driver functionality of Eclipse ThreadX FileX git commit 1b85eb2. A specially crafted set of network packets can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability.

Cisco Talos Blog – ​Read More