Vulnerability Database

300,830

Total vulnerabilities in the database

CVE-2025-3480

MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of MedDream WEB DICOM Viewer. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the Web Portal. The issue results from the lack of encryption when transmitting credentials. An attacker can leverage this vulnerability to disclose transmitted credentials, leading to further compromise. Was ZDI-CAN-25842.

Published: May 22, 2025
Updated: Aug 16, 2025
CVE: CVE-2025-3480
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

OWASP TOP 10:

Affected Software
References

Software	From	Fixed in
meddream / pacs_server	7.3.2.840	7.3.2.840.x

https://www.zerodayinitiative.com/advisories/ZDI-25-246/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo