INFINITT Healthcare INFINITT PACS

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to upload malicious files and access unauthorized system resources, resulting in arbitrary code execution or information disclosure.

CVEs (3)

Remediations

• INFINITT recommends the following mitigations:
• The latest version of the software (3.0.11.5 BN10 or later) is NOT affected, as it includes default security patches.
• INFINITT ULite is NOT affected by these vulnerabilities. However, if INFINITT ULite is operating as an integrated system with INFINITT PACS, patching is required to secure the PACS environment.
• For CVE-2025-27714 and CVE-2025-24489: Apply the security patch and configure the System Manager settings to restrict unauthorized file uploads.
• Network Security Recommendations: Minimize network exposure for PACS servers, ensuring they are not directly accessible from the internet.
• Contact Information: Customers requiring additional support should contact INFINITT Security Team. ([email protected])
• For CVE-2025-27721: Apply the patch, enforce strong password policies, and enable logging to monitor for unauthorized access attempts.

Affected Vendors

Affected Products (1)

Affected Sectors

Healthcare and Public Health