
Multiple Vulnerabilities Disclosed in WWBN AVideo, MedDream, and Eclipse ThreadX Module

Cisco Talos’ Vulnerability Discovery & Research team has disclosed a total of 12 security vulnerabilities across three software platforms, highlighting significant security risks in video streaming, medical imaging, and embedded systems.

The discoveries include seven vulnerabilities in WWBN AVideo, four in MedDream PACS Premium, and one in Eclipse ThreadX FileX.

All affected vendors have released patches following Cisco’s third-party vulnerability disclosure policy, with Snort detection rules now available for download.

WWBN AVideo Platform Faces Multiple Attack Vectors

The video streaming platform WWBN AVideo, in version 14.4 and at development master commit 8a8954ff, contains seven distinct vulnerabilities discovered by Claudio Bozzato.

Five cross-site scripting (XSS) vulnerabilities (CVE-2025-46410, CVE-2025-53084, CVE-2025-50128, CVE-2025-36548, and CVE-2025-41420) allow attackers to execute arbitrary JavaScript code through specially crafted HTTP requests, requiring user interaction to trigger exploitation.

More critically, two additional vulnerabilities can be chained together for remote code execution.

CVE-2025-25214 is a race condition in the aVideoEncoder.json.php unzip functionality, while CVE-2025-48732 is an incomplete blacklist in the .htaccess configuration file.

Attackers can leverage .phar file requests to bypass security controls and achieve arbitrary code execution on vulnerable systems.
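The following audit sketch is an added example, not code from Talos or the AVideo project: it checks which PHP-executable extensions a `.htaccess` deny rule fails to cover. The sample rules and the extension list are constructed assumptions, not AVideo's actual configuration.

```python
import re

# Extensions a PHP handler may be configured to execute. Assumption: the real
# set depends on the server's AddHandler/SetHandler configuration.
PHP_EXECUTABLE_EXTS = ["php", "php3", "php4", "php5", "php7", "phtml", "pht", "phar"]

# Constructed sample of an incomplete denylist (NOT AVideo's real .htaccess).
SAMPLE_HTACCESS = r'''
<FilesMatch "\.(php|php[0-9]|phtml)$">
    Require all denied
</FilesMatch>
'''

# Constructed sample that covers every extension in the list above.
HARDENED_HTACCESS = r'''
<FilesMatch "\.(php[0-9]?|phtml|pht|phar)$">
    Require all denied
</FilesMatch>
'''

# Only double-quoted FilesMatch patterns are handled in this sketch.
BLOCK_RE = re.compile(
    r'<FilesMatch\s+"(?P<pattern>[^"]+)"\s*>(?P<body>.*?)</FilesMatch>',
    re.IGNORECASE | re.DOTALL,
)
DENY_RE = re.compile(r'Require\s+all\s+denied|Deny\s+from\s+all', re.IGNORECASE)


def deny_patterns(htaccess_text):
    """Compile the regex of every FilesMatch block whose body denies access."""
    return [
        re.compile(m.group("pattern"))
        for m in BLOCK_RE.finditer(htaccess_text)
        if DENY_RE.search(m.group("body"))
    ]


def uncovered_extensions(htaccess_text, exts=PHP_EXECUTABLE_EXTS):
    """Return the extensions that no deny rule matches, in input order."""
    patterns = deny_patterns(htaccess_text)
    gaps = []
    for ext in exts:
        filename = "upload." + ext  # FilesMatch is applied to the file name
        if not any(p.search(filename) for p in patterns):
            gaps.append(ext)
    return gaps


if __name__ == "__main__":
    print("incomplete denylist misses:", uncovered_extensions(SAMPLE_HTACCESS))
    print("hardened denylist misses:  ", uncovered_extensions(HARDENED_HTACCESS))
```

A denylist only stays complete until the handler configuration changes, so in upload directories it is more robust to disable script handling entirely or allow only known static file types.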

Medical Systems at Risk Through MedDream Vulnerabilities

The medical imaging sector faces exposure through four vulnerabilities in MedDream PACS Premium, discovered by Emmanuel Tacheau and Marcin Noga.

This DICOM 3.0 compliant picture archiving system, widely used for medical imaging storage and communication, contains several critical security flaws.

CVE-2025-26469 involves incorrect default permissions in the CServerSettings::SetRegistryValues functionality, allowing credential decryption from registry keys.

CVE-2025-27724 enables privilege escalation through malicious PHP file uploads in the login.php component.

Additional vulnerabilities include a reflected XSS flaw (CVE-2025-32731) in radiationDoseReport.php and a server-side request forgery vulnerability (CVE-2025-24485) in the cecho.php functionality, which requires no authentication to exploit.

Embedded Systems Vulnerability in Eclipse ThreadX

Kelly Patterson identified a buffer overflow vulnerability (CVE-2024-2088) in Eclipse ThreadX FileX, an embedded development suite for real-time operating systems.

The vulnerability affects the FileX RAM disk driver functionality in git commit 1b85eb2, where specially crafted network packets can trigger code execution on resource-constrained devices.

Organizations using these platforms should immediately apply available patches and implement updated Snort rules for detection.

The discoveries underscore the importance of comprehensive security testing across diverse software ecosystems, from enterprise video platforms to critical medical infrastructure and embedded systems.


The post Multiple Vulnerabilities Disclosed in WWBN AVideo, MedDream, and Eclipse ThreadX Module appeared first on Cyber Security News.
