CVE-2025-26469
An incorrect default permissions vulnerability exists in MedDream PACS Premium.
Executive summary
A critical vulnerability has been identified in MedDream PACS Premium software, assigned CVE-2025-26469 with a CVSS score of 9.3. This flaw stems from incorrect default permissions that allow a local attacker to run a specially crafted application to decrypt and steal sensitive credentials. Successful exploitation could lead to a complete system compromise, unauthorized access to patient data, and significant disruption to healthcare operations.
Vulnerability
The vulnerability exists within the CServerSettings::SetRegistryValues function of the MedDream PACS software. This function writes configuration data, including credentials, to the Windows Registry with overly permissive access controls. A low-privileged attacker with local access to the system can therefore read these registry entries, and by using a specially crafted application, can decrypt the stored credentials. This grants the attacker access to sensitive accounts, potentially leading to privilege escalation and unauthorized access to the PACS system and associated data.
Business impact
This vulnerability is rated as critical severity with a CVSS score of 9.3. The primary business impact is the high risk of a data breach involving Protected Health Information (PHI) due to credential theft. Exploitation could allow an attacker to gain unauthorized access to medical images and patient records, leading to severe regulatory fines (e.g., under HIPAA), legal liability, and irreparable reputational damage. Furthermore, compromised credentials could be used to pivot to other critical systems on the network, potentially causing widespread operational disruption in a healthcare environment.
Remediation
Immediate Action: Update MedDream PACS Premium to the latest version. The vendor has released patches to correct the improper permissions. After patching, check for exploitation attempts that may have occurred before the update by reviewing system and application access logs for anomalous activity.
Proactive Monitoring: Implement enhanced monitoring on systems running MedDream PACS software. Specifically, monitor for unusual processes reading from MedDream-related registry hives. Use an Endpoint Detection and Response (EDR) solution to alert on suspicious command-line executions or applications attempting to decrypt credential data. Review authentication logs for successful logins from unusual sources or at odd hours, which could indicate the use of stolen credentials.
Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce risk. Use application whitelisting tools (like AppLocker) to prevent the execution of unauthorized "specially crafted applications." Restrict interactive logon rights to the server, allowing only necessary administrative accounts. If the specific vulnerable registry keys are known, their permissions could be manually hardened as a temporary mitigation.
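The following PowerShell script is an added example for the Vulnerability, Proactive Monitoring and Compensating Controls sections above; it is not part of this advisory and not the vendor's tooling. It audits a registry key for access entries that let low-privileged local users read it (the weakness this advisory describes), optionally removes those entries, adds an audit SACL so reads of the key appear as Security event 4663, and then reports such reads. The key path, the service account name and the broad-principal list are assumptions: the advisory does not name the affected key, so substitute the path the vendor identifies.

```powershell
# Added example (not from the advisory or the vendor). Run in an elevated session.
# Requires 'Audit Registry' under Object Access for the 4663 events to be written:
#   auditpol /set /subcategory:"Registry" /success:enable
using namespace System.Security.AccessControl

# PLACEHOLDER: the advisory does not name the affected key; use the vendor's path.
$KeyPath = 'HKLM:\SOFTWARE\VENDOR_PLACEHOLDER\PACS'
# PLACEHOLDER: account the PACS service runs under; it must keep read access.
$ServiceAccount = 'NT AUTHORITY\SYSTEM'

# Principals a low-privileged local user falls under. An Allow ACE granting any of
# them QueryValues on a key that stores credentials is the exposure to look for.
$BroadPrincipals = @('Everyone', 'BUILTIN\Users',
                     'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')

function Get-BroadRegistryAccess {
    # Lists Allow ACEs that let broad principals read values under $Path.
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $id = $ace.IdentityReference.Value
        if ($BroadPrincipals -contains $id -and
            (($ace.RegistryRights -band [RegistryRights]::QueryValues) -ne 0)) {
            [pscustomobject]@{ Key = $Path; Identity = $id
                               Rights = $ace.RegistryRights; Inherited = $ace.IsInherited }
        }
    }
}

function Protect-RegistryKey {
    # Hardens $Path: stops inheriting the permissive parent DACL (copying inherited
    # entries so they become explicit), removes broad-principal Allow entries and
    # grants the service account read access. Test on a non-production host first.
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $true)
    Set-Acl -Path $Path -AclObject $acl
    $acl = Get-Acl -Path $Path            # re-read so copied entries are explicit
    foreach ($ace in @($acl.Access)) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $BroadPrincipals -contains $ace.IdentityReference.Value) {
            [void]$acl.RemoveAccessRuleAll($ace)
        }
    }
    $keep = New-Object RegistryAccessRule($ServiceAccount, [RegistryRights]::ReadKey,
        [InheritanceFlags]'ContainerInherit', [PropagationFlags]::None, [AccessControlType]::Allow)
    $acl.AddAccessRule($keep)
    Set-Acl -Path $Path -AclObject $acl
}

function Enable-RegistryReadAudit {
    # Adds a SACL entry so every successful value read by any account is logged.
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -Path $Path -Audit
    $rule = New-Object RegistryAuditRule('Everyone', [RegistryRights]::QueryValues,
        [InheritanceFlags]'ContainerInherit', [PropagationFlags]::None, [AuditFlags]::Success)
    $acl.AddAuditRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function ConvertTo-NativeKeyName {
    # 4663 reports registry objects in native form, e.g. \REGISTRY\MACHINE\SOFTWARE\...
    param([Parameter(Mandatory)][string]$Path)
    return ($Path -replace '^HKLM:\\', '\REGISTRY\MACHINE\') -replace '^HKCU:\\', '\REGISTRY\USER\'
}

function Get-RegistryReadEvents {
    # Returns who read the key, from which process, in the last $Hours hours.
    param([Parameter(Mandatory)][string]$KeyName, [int]$Hours = 24)
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663
                                               StartTime = (Get-Date).AddHours(-$Hours) } `
                           -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data.ObjectType -eq 'Key' -and $data.ObjectName -like "$KeyName*") {
            [pscustomobject]@{ Time = $e.TimeCreated; Process = $data.ProcessName
                               User = "$($data.SubjectDomainName)\$($data.SubjectUserName)"
                               Object = $data.ObjectName; AccessMask = $data.AccessMask }
        }
    }
}

# Usage: audit first, harden and enable auditing once the service account is confirmed,
# then review reads (expect the PACS service itself; anything else merits a look).
Get-BroadRegistryAccess -Path $KeyPath | Format-Table -AutoSize
# Protect-RegistryKey -Path $KeyPath; Enable-RegistryReadAudit -Path $KeyPath
Get-RegistryReadEvents -KeyName (ConvertTo-NativeKeyName $KeyPath) -Hours 24 | Format-Table -AutoSize
```

The hardening step is commented out in the usage lines because removing read access from the key the application itself reads will break the service if it runs under an account not retained in the new DACL; confirm the service identity, grant it explicitly (the script adds `$ServiceAccount`), and keep the vendor patch as the actual fix. The SACL entry produces one 4663 per successful value read, so on a busy server filter the output by process name to separate the PACS service's own reads from anything unexpected.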
Exploitation status
Public Exploit Available: false
Analyst recommendation
Due to the critical severity (CVSS 9.3) of this vulnerability and its potential to expose highly sensitive patient data, we strongly recommend that organizations apply the vendor-supplied security update immediately. The risk of credential theft and subsequent data breach represents a significant threat to business operations and regulatory compliance. Although not currently under active exploitation, the simplicity of the attack vector makes it an attractive target, and immediate remediation should be treated as the highest priority.