Multiple Vulnerabilities Disclosed in WWBN AVideo, MedDream, and Eclipse ThreadX Module

Cisco Talos’ Vulnerability Discovery & Research team has disclosed a total of 12 security vulnerabilities across three software platforms, highlighting significant security risks in video streaming, medical imaging, and embedded systems.

The discoveries include seven vulnerabilities in WWBN AVideo, four in MedDream PACS Premium, and one in Eclipse ThreadX FileX.

All affected vendors have released patches following Cisco’s third-party vulnerability disclosure policy, with Snort detection rules now available for download.

WWBN AVideo Platform Faces Multiple Attack Vectors

The video streaming platform WWBN AVideo version 14.4 and development master commit 8a8954ff contains seven distinct vulnerabilities discovered by Claudio Bozzato.

Five cross-site scripting (XSS) vulnerabilities (CVE-2025-46410, CVE-2025-53084, CVE-2025-50128, CVE-2025-36548, and CVE-2025-41420) allow attackers to execute arbitrary JavaScript code through specially crafted HTTP requests, requiring user interaction to trigger exploitation.

More critically, two additional vulnerabilities can be chained together for remote code execution.

CVE-2025-25214 is a race condition in the aVideoEncoder.json.php unzip functionality, while CVE-2025-48732 is an incomplete blacklist in the .htaccess configuration file.

Because the blacklist does not cover .phar files, an attacker can request a .phar file to bypass the control and achieve arbitrary code execution on vulnerable systems.
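To make the "incomplete blacklist" point concrete, here is an added illustration in Apache 2.4 syntax; it is a constructed example, not AVideo's actual .htaccess (whose contents are not reproduced in this story), and it assumes an upload directory that is meant to serve media only. It shows a blacklist that covers .php alone beside a hardened version that disables execution and serves an allowlist of media types instead.

```apache
# Constructed example: .htaccess for a web-accessible upload directory.
# This is not AVideo's file; the directory layout and extensions are assumptions.

# --- Weak: extension blacklist that only knows about .php ---
# A request for upload.phar does not match this pattern, yet on Debian-derived
# systems the stock mod_php / php-fpm configuration also maps .phar and .phtml
# to the PHP handler, so the uploaded file still executes.
<FilesMatch "\.php$">
    Require all denied
</FilesMatch>

# --- Hardened: no server-side execution in the upload tree ---
# 1. Where PHP runs as mod_php, switch the engine off for this subtree so the
#    result no longer depends on which extensions the blacklist remembers.
#    (PHP 7 builds name the module mod_php7.c; adjust the IfModule test.)
<IfModule mod_php.c>
    php_flag engine off
</IfModule>

# 2. Deny every extension PHP is commonly configured to execute. The case-
#    insensitive match also catches variants such as .PHP or .Phar.
<FilesMatch "(?i)\.(ph(p[0-9]?|tml|ar)|phps)$">
    Require all denied
</FilesMatch>

# 3. Prefer an allowlist over a blacklist: deny everything in the directory,
#    then grant only the media types an upload area exists to serve. The
#    <FilesMatch> section merges after the directory-level Require, so matching
#    files are served and anything else (including unknown extensions) is not.
Require all denied
<FilesMatch "(?i)\.(mp4|webm|mkv|mp3|ogg|jpe?g|png|gif|webp|vtt)$">
    Require all granted
</FilesMatch>
```

Two caveats for anyone adapting this: the directives only take effect where the server's `AllowOverride` permits `.htaccess` to set authorization and PHP flags, and a `SetHandler` for PHP placed in a `<FilesMatch>` block of the main server configuration merges after `.htaccess`, so the `Require all denied` rules (not handler tweaks) are what reliably stop execution under php-fpm.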

Medical Systems at Risk Through MedDream Vulnerabilities

The medical imaging sector faces exposure through four vulnerabilities in MedDream PACS Premium, discovered by Emmanuel Tacheau and Marcin Noga.

This DICOM 3.0 compliant picture archiving system, widely used for medical imaging storage and communication, contains several critical security flaws.

CVE-2025-26469 involves incorrect default permissions in CServerSettings::SetRegistryValues functionality, allowing credential decryption from registry keys.

CVE-2025-27724 enables privilege escalation through malicious PHP file uploads in the login.php component.

Additional vulnerabilities include a reflected XSS flaw (CVE-2025-32731) in radiationDoseReport.php and a server-side request forgery vulnerability (CVE-2025-24485) in cecho.php functionality, which requires no authentication to exploit.

Embedded Systems Vulnerability in Eclipse ThreadX

Kelly Patterson identified a buffer overflow vulnerability (CVE-2024-2088) in Eclipse ThreadX FileX, an embedded development suite for real-time operating systems.

The vulnerability affects the FileX RAM disk driver functionality in git commit 1b85eb2, where specially crafted network packets can trigger code execution on resource-constrained devices.

Organizations using these platforms should immediately apply available patches and implement updated Snort rules for detection.

The discoveries underscore the importance of comprehensive security testing across diverse software ecosystems, from enterprise video platforms to critical medical infrastructure and embedded systems.


AnuPriya

AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
