What is CVE-2018-25113?

CVE-2018-25113 is a vulnerability in Dicoogle Project Pacs Web Server, classified under Path Traversal. Published 2025-07-23.

Is CVE-2018-25113 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Dicoogle Project Pacs Web Server

CVE-2018-25113

An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying system by sending a crafted request…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.703 (98.7th percentile) — read the EPSS interpretation.

Affected products

Dicoogle Project Pacs Web Server — versions 2.5.0

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

rapid7/metasploit-framework

References

www.exploit-db.com/exploits/45007 (exploit)
raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/… (exploit)
www.fortiguard.com/encyclopedia/ips/46527/dicoogle-pacs-web-server-directory-tr… (third-party-advisory)
www.vulncheck.com/advisories/dicoogle-pacs-web-server-path-traversal (third-party-advisory)

Frequently asked questions

What is CVE-2018-25113?: CVE-2018-25113 is a vulnerability in Dicoogle Project Pacs Web Server, classified under Path Traversal. Published 2025-07-23.
Is CVE-2018-25113 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.