CVE-2025-24489

INFINITT Healthcare INFINITT PACS Unrestricted Upload of File with Dangerous Type

Description

An attacker could exploit this vulnerability by uploading arbitrary files via a specific service, which could lead to system compromise.

Remediation

Solution:

  • INFINITT recommends the following mitigations: The latest version of the software (3.0.11.5 BN10 or later) is NOT affected, as it includes default security patches. INFINITT ULite is NOT affected by these vulnerabilities. However, if INFINITT ULite is operating as an integrated system with INFINITT PACS, patching is required to secure the PACS environment. * Apply the security patch and configure the System Manager settings to restrict unauthorized file uploads. * Network Security Recommendations: Minimize network exposure for PACS servers, ensuring they are not directly accessible from the internet. * Contact Information: Customers requiring additional support should contact INFINITT Security Team. (cybersecurity@infinitt.com)

Category

5.3
CVSS
Severity: Medium
CVSS 4.0 •
CVSS 3.1 •
EPSS 0.04%
Affected: INFINITT Healthcare INFINITT PACS System Manager
Published at:
Updated at:

References

Link Tags
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-100-01

Frequently Asked Questions

What is the severity of CVE-2025-24489?
CVE-2025-24489 has been scored as a medium severity vulnerability.
How to fix CVE-2025-24489?
To fix CVE-2025-24489: INFINITT recommends the following mitigations: The latest version of the software (3.0.11.5 BN10 or later) is NOT affected, as it includes default security patches. INFINITT ULite is NOT affected by these vulnerabilities. However, if INFINITT ULite is operating as an integrated system with INFINITT PACS, patching is required to secure the PACS environment. * Apply the security patch and configure the System Manager settings to restrict unauthorized file uploads. * Network Security Recommendations: Minimize network exposure for PACS servers, ensuring they are not directly accessible from the internet. * Contact Information: Customers requiring additional support should contact INFINITT Security Team. (cybersecurity@infinitt.com)
Is CVE-2025-24489 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-24489 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-24489?
CVE-2025-24489 affects INFINITT Healthcare INFINITT PACS System Manager.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.