CVE-2018-25142

CRITICAL

NovaRad NovaPACS Diagnostics Viewer <8.5.19.75 - XXE Injection


Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25142. PoCs published by LiquidWorm.

AI-analyzed exploit summary: This exploit demonstrates an unauthenticated XML External Entity (XXE) injection vulnerability in NovaRad NovaPACS Diagnostics Viewer 8.5, allowing arbitrary file disclosure via out-of-band (OOB) channel attack. The PoC includes a malicious XML file and attacker-controlled server to exfiltrate data.

Description

NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity (XXE) injection vulnerability in XML preference import settings. Attackers can craft malicious XML files with DTD parameter entities to retrieve arbitrary system files through an out-of-band channel attack.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · text · webapps · xml
https://www.exploit-db.com/exploits/45337

Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: NovaRad NovaPACS Diagnostics Viewer 8.5.19.75
No auth needed
Prerequisites: Network access to the target system · Ability to host a malicious XML file on an attacker-controlled server
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/45337
Various Sources product
https://www.novarad.net
Third Party Advisory third-party-advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5488.php

Scores

CVSS v3 9.8
EPSS 0.0037
EPSS Percentile 28.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-611
Status published
Products (1)
NovaRad Corporation/NovaPACS Diagnostics Viewer 8.5.19.75
Published Dec 24, 2025
Tracked Since Feb 18, 2026