CVE-2025-27714 (GCVE-0-2025-27714)

Vulnerability from cvelistv5 – Published: 2025-08-21 19:42 – Updated: 2025-08-21 20:08
VLAI?
Title
INFINITT Healthcare INFINITT PACS Unrestricted Upload of File with Dangerous Type
Summary
An attacker could exploit this vulnerability by uploading arbitrary files via the a specific endpoint, leading to unauthorized remote code execution or system compromise.
Severity ?
6.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.3 (Medium)
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
CWE
Assigner
References
Impacted products
Vendor Product Version
INFINITT Healthcare INFINITT PACS System Manager Affected: 0 , ≤ 3.0.11.5 BN9 (custom)
Unaffected: 3.0.11.5 BN10
Create a notification for this product.
Credits
Piotr Kijewski of the Shadowserver Foundation reported these vulnerabilities to CISA.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27714",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-21T20:08:49.089078Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-21T20:08:59.493Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "INFINITT PACS System Manager",
          "vendor": "INFINITT Healthcare",
          "versions": [
            {
              "lessThanOrEqual": "3.0.11.5 BN9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "3.0.11.5 BN10"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Piotr Kijewski of the Shadowserver Foundation reported these vulnerabilities to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An attacker could exploit this vulnerability by uploading arbitrary \nfiles via the a specific endpoint, leading to unauthorized remote code \nexecution or system compromise."
            }
          ],
          "value": "An attacker could exploit this vulnerability by uploading arbitrary \nfiles via the a specific endpoint, leading to unauthorized remote code \nexecution or system compromise."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-21T19:42:59.699Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-100-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eINFINITT recommends the following mitigations:\u003c/p\u003e\n\u003cp\u003eThe latest version of the software (3.0.11.5 BN10 or later) is NOT affected, as it includes default security patches.\u003c/p\u003e\n\u003cp\u003eINFINITT ULite is NOT affected by these vulnerabilities. However, if \nINFINITT ULite is operating as an integrated system with INFINITT PACS, \npatching is required to secure the PACS environment.\u003c/p\u003e\n\u003cul\u003e\u003cli\u003eApply the security patch and configure the System Manager settings to restrict unauthorized file uploads.\u003c/li\u003e\n\u003cli\u003eNetwork Security Recommendations: Minimize network exposure for PACS\n servers, ensuring they are not directly accessible from the internet.\u003c/li\u003e\u003cli\u003eContact Information: Customers requiring additional support should contact INFINITT Security Team. (\u003ca target=\"_blank\" rel=\"nofollow\"\u003ecybersecurity@infinitt.com\u003c/a\u003e)\n\n\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "INFINITT recommends the following mitigations:\n\n\nThe latest version of the software (3.0.11.5 BN10 or later) is NOT affected, as it includes default security patches.\n\n\nINFINITT ULite is NOT affected by these vulnerabilities. However, if \nINFINITT ULite is operating as an integrated system with INFINITT PACS, \npatching is required to secure the PACS environment.\n\n\n  *  Apply the security patch and configure the System Manager settings to restrict unauthorized file uploads.\n\n  *  Network Security Recommendations: Minimize network exposure for PACS\n servers, ensuring they are not directly accessible from the internet.\n  *  Contact Information: Customers requiring additional support should contact INFINITT Security Team. (cybersecurity@infinitt.com)"
        }
      ],
      "source": {
        "advisory": "ICSMA-25-100-01",
        "discovery": "EXTERNAL"
      },
      "title": "INFINITT Healthcare INFINITT PACS Unrestricted Upload of File with Dangerous Type",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-27714",
    "datePublished": "2025-08-21T19:42:59.699Z",
    "dateReserved": "2025-03-19T16:39:28.817Z",
    "dateUpdated": "2025-08-21T20:08:59.493Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-27714\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2025-08-21T20:15:32.367\",\"lastModified\":\"2025-08-22T18:08:51.663\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An attacker could exploit this vulnerability by uploading arbitrary \\nfiles via the a specific endpoint, leading to unauthorized remote code \\nexecution or system compromise.\"},{\"lang\":\"es\",\"value\":\"Un atacante podr\u00eda aprovechar esta vulnerabilidad cargando archivos arbitrarios a trav\u00e9s de un endpoint espec\u00edfico, lo que provocar\u00eda la ejecuci\u00f3n remota no autorizada de c\u00f3digo o el compromiso del sistema.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"references\":[{\"url\":\"https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-100-01\",\"source\":\"ics-cert@hq.dhs.gov\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-27714\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-21T20:08:49.089078Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-21T20:08:55.108Z\"}}], \"cna\": {\"title\": \"INFINITT Healthcare INFINITT PACS Unrestricted Upload of File with Dangerous Type\", \"source\": {\"advisory\": \"ICSMA-25-100-01\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Piotr Kijewski of the Shadowserver Foundation reported these vulnerabilities to CISA.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 5.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"INFINITT Healthcare\", \"product\": \"INFINITT PACS System Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.0.11.5 BN9\"}, {\"status\": \"unaffected\", \"version\": \"3.0.11.5 BN10\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"INFINITT recommends the following mitigations:\\n\\n\\nThe latest version of the software (3.0.11.5 BN10 or later) is NOT affected, as it includes default security patches.\\n\\n\\nINFINITT ULite is NOT affected by these vulnerabilities. However, if \\nINFINITT ULite is operating as an integrated system with INFINITT PACS, \\npatching is required to secure the PACS environment.\\n\\n\\n  *  Apply the security patch and configure the System Manager settings to restrict unauthorized file uploads.\\n\\n  *  Network Security Recommendations: Minimize network exposure for PACS\\n servers, ensuring they are not directly accessible from the internet.\\n  *  Contact Information: Customers requiring additional support should contact INFINITT Security Team. (cybersecurity@infinitt.com)\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eINFINITT recommends the following mitigations:\u003c/p\u003e\\n\u003cp\u003eThe latest version of the software (3.0.11.5 BN10 or later) is NOT affected, as it includes default security patches.\u003c/p\u003e\\n\u003cp\u003eINFINITT ULite is NOT affected by these vulnerabilities. However, if \\nINFINITT ULite is operating as an integrated system with INFINITT PACS, \\npatching is required to secure the PACS environment.\u003c/p\u003e\\n\u003cul\u003e\u003cli\u003eApply the security patch and configure the System Manager settings to restrict unauthorized file uploads.\u003c/li\u003e\\n\u003cli\u003eNetwork Security Recommendations: Minimize network exposure for PACS\\n servers, ensuring they are not directly accessible from the internet.\u003c/li\u003e\u003cli\u003eContact Information: Customers requiring additional support should contact INFINITT Security Team. (\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\"\u003ecybersecurity@infinitt.com\u003c/a\u003e)\\n\\n\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-100-01\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An attacker could exploit this vulnerability by uploading arbitrary \\nfiles via the a specific endpoint, leading to unauthorized remote code \\nexecution or system compromise.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An attacker could exploit this vulnerability by uploading arbitrary \\nfiles via the a specific endpoint, leading to unauthorized remote code \\nexecution or system compromise.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-434\", \"description\": \"CWE-434\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2025-08-21T19:42:59.699Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-27714\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-21T20:08:59.493Z\", \"dateReserved\": \"2025-03-19T16:39:28.817Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2025-08-21T19:42:59.699Z\", \"assignerShortName\": \"icscert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.