{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T22:45:56.167","vulnerabilities":[{"cve":{"id":"CVE-2025-3480","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2025-05-22T01:15:52.867","lastModified":"2025-08-15T16:58:54.080","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of MedDream WEB DICOM Viewer. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the Web Portal. The issue results from the lack of encryption when transmitting credentials. An attacker can leverage this vulnerability to disclose transmitted credentials, leading to further compromise. Was ZDI-CAN-25842."},{"lang":"es","value":"Vulnerabilidad de divulgación de información de credenciales en la transmisión de texto sin cifrar del visor WEB DICOM de MedDream. Esta vulnerabilidad permite a atacantes adyacentes a la red divulgar información confidencial sobre las instalaciones afectadas del visor WEB DICOM de MedDream. No se requiere autenticación para explotar esta vulnerabilidad. La falla específica existe en el portal web. El problema se debe a la falta de cifrado al transmitir credenciales. Un atacante puede aprovechar esta vulnerabilidad para divulgar las credenciales transmitidas, lo que conlleva una mayor vulnerabilidad. Anteriormente, se conocía como ZDI-CAN-25842."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-522"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-319"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:meddream:pacs_server:7.3.2.840:*:*:*:premium:*:*:*","matchCriteriaId":"2FEB620B-C8F8-418B-B5AC-6CCDE305AA68"}]}]}],"references":[{"url":"https://www.zerodayinitiative.com/advisories/ZDI-25-246/","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory"]}]}}]}