CVE-2018-25124

HIGH EXPLOITED

PacsOne Server <6.6.2 - Path Traversal

Title source: llm

Exploitation Summary

CVE-2018-25124 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Carlos Avila.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in PACSOne Server 6.6.2's DICOM Web Viewer component. The 'path' parameter in nocache.php is vulnerable to local file inclusion, allowing attackers to read arbitrary files accessible to the web user without authentication.

Description

PacsOne Server version 6.6.2 (prior versions are likely affected) contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the 'nocache.php' endpoint with a crafted 'path' parameter. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.

Exploits (1)

exploitdb WORKING POC

by Carlos Avila · textwebappsphp

https://www.exploit-db.com/exploits/43907

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in PACSOne Server 6.6.2's DICOM Web Viewer component. The 'path' parameter in nocache.php is vulnerable to local file inclusion, allowing attackers to read arbitrary files accessible to the web user without authentication.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: PACSOne Server 6.6.2

No auth needed

Prerequisites: Access to the vulnerable PACSOne Server instance

MITRE ATT&CK

T1006 - Direct Volume Access T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/43907

Various Sources product

https://pacsone.net/download.htm

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/pacsone-server-dicom-web-viewer-directory-traversal-lfi

Scores

CVSS v4 8.7

EPSS 0.0081

EPSS Percentile 51.9%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

VulnCheck KEV 2025-11-10

CWE

CWE-22

Status published

Products (1)

RainbowFish Software/PacsOne Server 6.6.2

Published Nov 10, 2025

Tracked Since Feb 18, 2026