Cisco Talos’ Vulnerability Discovery & Research team has disclosed a total of twelve security vulnerabilities affecting three distinct software products.
Seven vulnerabilities impact WWBN AVideo, four reside within the MedDream PACS Premium system, and one exists in the Eclipse ThreadX FileX module.
All issues have been addressed by their respective vendors in accordance with Cisco's third-party vulnerability disclosure policy.
WWBN AVideo, a feature-rich video streaming platform offering hosting, management and monetization services, was found vulnerable across multiple components in version 14.4 and its development master (commit 8a8954ff). Talos researcher Claudio Bozzato uncovered:
- Five reflected cross-site scripting (XSS) vulnerabilities (CVE-2025-46410, CVE-2025-53084, CVE-2025-50128, CVE-2025-36548, CVE-2025-41420) in various PHP endpoints. Each can be triggered by delivering a specially crafted HTTP request, resulting in arbitrary JavaScript execution when a victim visits a maliciously altered URL.
- A race condition within the aVideoEncoder.json.php unzip routine (CVE-2025-25214) that permits an attacker to inject and execute arbitrary code. An attacker submits a crafted archive and exploits concurrent processing to overwrite files on the server.
- An incomplete blacklist implementation in the sample .htaccess file (CVE-2025-48732) that still allows requests for .phar files; this can be chained with the unzip vulnerability to achieve remote code execution.
All seven issues have been patched by the WWBN development team. Users are urged to upgrade to the latest release and review custom .htaccess configurations to ensure proper filtering of archive file types.
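The .htaccess issue above is the classic denylist gap: a rule that names some executable extensions still lets an unlisted one such as .phar through. The following is an added example, not AVideo's code, that contrasts a hypothetical incomplete denylist pattern (DENYLIST_RE, standing in for such an .htaccess rule) with an allow-list of archive types (ALLOWED_ARCHIVE_EXTENSIONS, an assumed set) on the same constructed file names.

```python
"""Denylist vs. allow-list filtering of file names on an upload/unzip path.

Added example, not AVideo code. DENYLIST_RE is a hypothetical stand-in for an
incomplete .htaccess rule that names a few PHP extensions but omits .phar;
ALLOWED_ARCHIVE_EXTENSIONS is an assumed set of archive types the unzip
routine is meant to accept.
"""
import re
from typing import Iterable

# Hypothetical incomplete denylist: it blocks .php/.php5/.phtml but not .phar.
DENYLIST_RE = re.compile(r"\.(php|php5|phtml)$", re.IGNORECASE)

# Assumed allow-list: only these extension components are acceptable.
ALLOWED_ARCHIVE_EXTENSIONS = frozenset({"zip", "tar", "gz", "tgz"})


def denylist_allows(filename: str) -> bool:
    """True when the denylist lets the name through (no blocked suffix found)."""
    return DENYLIST_RE.search(filename) is None


def allowlist_allows(filename: str,
                     allowed: Iterable[str] = ALLOWED_ARCHIVE_EXTENSIONS) -> bool:
    """True only when every dotted suffix of the base name is on the allow-list.

    Checking every component (not just the last one) rejects names such as
    "shell.phar.zip" whose final extension alone would look harmless.
    """
    base = filename.rsplit("/", 1)[-1].lower()   # strip any directory part
    parts = base.split(".")
    if len(parts) < 2 or parts[0] == "":
        return False                             # no extension, or a dotfile
    allowed_lc = {ext.lower() for ext in allowed}
    return all(ext in allowed_lc for ext in parts[1:])


def compare(filenames: Iterable[str]) -> dict:
    """Return both decisions side by side for a list of constructed names."""
    return {name: {"denylist": denylist_allows(name),
                   "allowlist": allowlist_allows(name)} for name in filenames}


if __name__ == "__main__":
    # Constructed sample names, including the .phar case the denylist misses.
    for name, verdict in compare(["video.zip", "backup.tar.gz", "upload.php",
                                  "upload.phar", "shell.phar.zip"]).items():
        print(f"{name:16} denylist={verdict['denylist']!s:5} "
              f"allowlist={verdict['allowlist']}")
```

The allow-list deliberately rejects any name containing a non-archive component anywhere in its suffix chain, which also refuses legitimate names like "video.2024.zip"; that trade-off is usually acceptable on an upload path, and it is the reason a reviewed allow-list beats maintaining an ever-growing denylist.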
MedDream PACS Premium, a DICOM-compliant picture archiving and communication system widely deployed in medical imaging environments, was found to harbor four critical vulnerabilities. Researchers Emmanuel Tacheau and Marcin Noga reported:
- Incorrect default permissions in the CServerSettings::SetRegistryValues function (CVE-2025-26469). Attackers with local access can decrypt credentials stored in a registry key, then execute malicious scripts or applications under those credentials.
- A privilege escalation vulnerability in login.php (CVE-2025-27724). By uploading a specially crafted PHP file, an unauthenticated attacker can bypass access controls, gaining elevated privileges on the PACS server.
- A reflected XSS vulnerability in radiationDoseReport.php (CVE-2025-32731) present in version 7.3.5.860. Crafting a malicious URL parameter leads to dynamic injection of JavaScript, potentially compromising any user who clicks the link.
- A server-side request forgery (SSRF) issue in cecho.php (CVE-2025-24485). An attacker can supply arbitrary URLs in POST parameters to force the server to relay HTTP requests to internal or external systems, facilitating reconnaissance or pivoting.
All four MedDream vulnerabilities have been resolved in the latest 7.3.5.861 update. Administrators are advised to apply patches immediately, restrict file upload paths, and implement robust input validation and allow-listing for URLs.
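The SSRF item above is the kind of issue the "allow-listing for URLs" advice addresses: a relay endpoint should refuse any destination the application was not designed to contact. The following is an added example, not MedDream's code, of such a check; ALLOWED_SCHEMES, ALLOWED_HOSTS and ALLOWED_PORTS are assumed values, and the sample URLs are constructed.

```python
"""Allow-list validation of a caller-supplied URL before the server relays it.

Added example, not MedDream code. ALLOWED_SCHEMES, ALLOWED_HOSTS and
ALLOWED_PORTS are assumed values for illustration.
"""
import ipaddress
from typing import Optional
from urllib.parse import urlsplit

ALLOWED_SCHEMES = frozenset({"https"})
ALLOWED_HOSTS = frozenset({"imaging.example.org", "reports.example.org"})  # hypothetical
ALLOWED_PORTS = frozenset({443})


def relay_rejection_reason(url: str) -> Optional[str]:
    """Return why the URL must not be relayed, or None when it is acceptable."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return "unparseable URL"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return f"scheme not allowed: {parts.scheme!r}"
    # "https://allowed.host@other.example/" carries the allowed name in the
    # userinfo part while the real host is other.example; refuse userinfo.
    if parts.username is not None or parts.password is not None:
        return "userinfo not allowed"
    host = parts.hostname  # already lower-cased; IPv6 brackets stripped
    if not host:
        return "missing host"
    try:
        port = parts.port
    except ValueError:
        return "invalid port"
    if port is not None and port not in ALLOWED_PORTS:
        return f"port not allowed: {port}"
    # Reject literal addresses outright: the allow-list is by name, and a
    # literal is the usual route to loopback, link-local or private ranges.
    try:
        ipaddress.ip_address(host)
        return "literal IP address not allowed"
    except ValueError:
        pass
    if host.rstrip(".") not in ALLOWED_HOSTS:
        return f"host not on allow-list: {host!r}"
    return None


def relay_allowed(url: str) -> bool:
    """Convenience wrapper: True when the URL passes every allow-list check."""
    return relay_rejection_reason(url) is None


if __name__ == "__main__":
    # Constructed inputs: one acceptable URL and several that must be refused.
    for u in ["https://imaging.example.org/api/status",
              "http://imaging.example.org/",
              "https://127.0.0.1/",
              "https://[::1]/",
              "https://imaging.example.org@other.example/",
              "https://imaging.example.org:8443/"]:
        print(f"{u:48} -> {relay_rejection_reason(u) or 'allowed'}")
```

A name-based allow-list is the first gate, not the last: the HTTP client that performs the relay should also refuse to follow redirects to unlisted destinations and should check the resolved address at connect time, since the name alone says nothing about where DNS will point it.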
All disclosed vulnerabilities conform to Cisco’s third-party vulnerability disclosure policy and have corresponding advisory entries on the Talos Intelligence website.
Eclipse ThreadX FileX
In the realm of embedded real-time operating systems, Talos researcher Kelly Patterson discovered a critical vulnerability in the FileX RAM disk driver of Eclipse ThreadX (git commit 1b85eb2).
The vulnerability, tracked as TALOS-2024-2088, stems from an integer underflow during buffer size calculations. An attacker capable of sending a specific sequence of network packets can trigger a buffer overflow, leading to arbitrary code execution in the context of the RTOS.
This vulnerability poses a significant risk for resource-constrained IoT and industrial devices that integrate ThreadX FileX.
Device vendors have since released updated driver versions incorporating bounds checks to neutralize underflow conditions. System integrators should review firmware versions and apply the patched FileX driver to all affected products.
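The underflow described above is a general bug class: subtracting an attacker-controlled length from another before checking their relationship lets an unsigned result wrap to a huge value that a later copy trusts. The following is an added example, not FileX code, that models the 32-bit arithmetic in Python and places the bounds checks where they belong; the record layout and MAX_PAYLOAD are assumptions, and the records are constructed.

```python
"""Buffer-size calculation on untrusted lengths, with and without the underflow check.

Added example: a Python model of the arithmetic bug class, not FileX code.
The record layout (two 32-bit little-endian lengths followed by header and
payload bytes) and MAX_PAYLOAD are assumptions.
"""
import struct
from typing import Optional

U32_MASK = 0xFFFFFFFF
MAX_PAYLOAD = 4096  # assumed size of the fixed destination buffer


def payload_len_unchecked(total_len: int, header_len: int) -> int:
    """Model 32-bit unsigned subtraction as C performs it.

    When header_len > total_len the result wraps to a huge value; copying that
    many bytes into a fixed buffer is the overflow the text describes.
    """
    return (total_len - header_len) & U32_MASK


def payload_len_checked(total_len: int, header_len: int, available: int) -> Optional[int]:
    """Validate the lengths before subtracting; None means the record is rejected."""
    if total_len > available:          # claims more bytes than were received
        return None
    if header_len > total_len:         # the subtraction would underflow
        return None
    payload_len = total_len - header_len
    if payload_len > MAX_PAYLOAD:      # would not fit the destination buffer
        return None
    return payload_len


def parse_record(data: bytes) -> bytes:
    """Extract the payload of one record using the checked calculation.

    Layout (assumed): <total_len:u32le><header_len:u32le><header><payload>,
    where total_len counts the bytes after the two length fields.
    """
    if len(data) < 8:
        raise ValueError("truncated record")
    total_len, header_len = struct.unpack_from("<II", data, 0)
    body = data[8:]
    n = payload_len_checked(total_len, header_len, len(body))
    if n is None:
        raise ValueError("rejected record: inconsistent lengths")
    return body[header_len:header_len + n]


if __name__ == "__main__":
    # Constructed records: a well-formed one, and lengths that would underflow.
    good = struct.pack("<II", 11, 4) + b"HDR!" + b"payload"
    print(parse_record(good))                 # b'payload'
    print(hex(payload_len_unchecked(4, 8)))   # 0xfffffffc
    print(payload_len_checked(4, 8, 8))       # None
```

The order of the checks matters: the comparison between the two lengths is done on the original values, before any subtraction, and the result is then compared against the destination size. A check placed after the subtraction would be testing an already-wrapped value.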
Administrators can download Snort rule sets from Snort.org to detect exploitation attempts for these vulnerabilities.
Immediate patching, coupled with rigorous input validation, principle of least privilege, and network segmentation, will mitigate the risk of successful attacks.
Continuous monitoring of vulnerability advisories remains essential to safeguard critical infrastructure and services.