Multiple Security Vulnerabilities Found in WWBN AVideo, MedDream, and Eclipse ThreadX


Cisco Talos' Vulnerability Discovery & Research team has disclosed a total of 12 security vulnerabilities across three software platforms, ranging from cross-site scripting to arbitrary code execution, in a video streaming platform, a medical imaging system, and an embedded real-time operating system component.

The disclosure includes seven vulnerabilities in WWBN AVideo, four in MedDream PACS Premium, and one in Eclipse ThreadX FileX, all of which have been patched by their respective vendors in accordance with Cisco’s third-party vulnerability disclosure policy.

WWBN AVideo Platform Faces Multiple Attack Vectors

WWBN AVideo, a widely used video streaming platform offering hosting, management, and monetization features, was found to contain seven distinct vulnerabilities discovered by Claudio Bozzato of Cisco Talos.

Product          CVE             Vulnerability Type     Impact
WWBN AVideo      CVE-2025-46410  XSS                    JavaScript execution
WWBN AVideo      CVE-2025-53084  XSS                    JavaScript execution
WWBN AVideo      CVE-2025-50128  XSS                    JavaScript execution
WWBN AVideo      CVE-2025-36548  XSS                    JavaScript execution
WWBN AVideo      CVE-2025-41420  XSS                    JavaScript execution
WWBN AVideo      CVE-2025-25214  Race condition         Code execution
WWBN AVideo      CVE-2025-48732  Incomplete blacklist   Code execution
MedDream         CVE-2025-26469  Incorrect permissions  Credential exposure
MedDream         CVE-2025-27724  Privilege escalation   Elevated capabilities
MedDream         CVE-2025-32731  Reflected XSS          JavaScript execution
MedDream         CVE-2025-24485  SSRF                   Server-side request forgery
Eclipse ThreadX  CVE-2024-2088   Buffer overflow        Code execution

Five of these are cross-site scripting (XSS) flaws: a specially crafted HTTP request, typically delivered as a link on a page the attacker controls, causes arbitrary JavaScript to run in the browser of the user who follows it, inside the AVideo site's origin.

The most serious findings are two vulnerabilities that, chained together, allow arbitrary code execution on the server.

The first is a race condition in the unzip handling of aVideoEncoder.json.php; the second is an incomplete blacklist in the .htaccess configuration, which still lets requests for .phar files through. A file placed on disk during the unzip window can therefore be requested over HTTP and executed.
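The two upload-path weaknesses described above, shown as generic patterns in an added example (this is not AVideo's code, and the function names, the sample archive and the deny rule are constructed for illustration). The only external fact it relies on is the stock mod_php configuration shipped on Debian and Ubuntu, which hands every file matching `.+\.ph(ar|p|tml)$` to the PHP engine, so a blocklist that names only `.php` misses `.phar` and `.phtml`.

```python
"""Added example, not AVideo's code: an extract-then-clean-up unzip beside a
validate-then-extract one, plus a check for extensions the PHP handler runs
that a deny rule fails to cover.  All names below are this example's own."""
import io
import os
import re
import tempfile
import zipfile

# Pattern from Debian/Ubuntu's php*.conf <FilesMatch>: these are executed as PHP.
PHP_HANDLER = re.compile(r".+\.ph(ar|p|tml)$", re.IGNORECASE)

# A blocklist of the kind the text describes: only ".php" is denied (hypothetical).
WEAK_DENY = re.compile(r"\.php$", re.IGNORECASE)

# Allowlist of what a media upload directory actually needs to serve.
MEDIA_ALLOW = {".mp4", ".webm", ".jpg", ".jpeg", ".png", ".gif", ".vtt"}


def handler_gaps(deny, handler, candidates):
    """Names the PHP handler would execute but the deny rule does not block."""
    return [n for n in candidates if handler.match(n) and not deny.search(n)]


def entry_is_safe(name):
    """Reject directory entries, absolute paths, traversal and non-media extensions."""
    if name.endswith("/") or os.path.isabs(name):
        return False
    norm = os.path.normpath(name)
    if norm == ".." or norm.startswith(".." + os.sep):
        return False
    return os.path.splitext(norm)[1].lower() in MEDIA_ALLOW


def safe_extract(zip_bytes, dest):
    """Validate every entry first; nothing touches disk unless all entries pass."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
        bad = [n for n in names if not entry_is_safe(n)]
        if bad:
            raise ValueError("rejected archive, disallowed entries: %s" % bad)
        zf.extractall(dest)
        return sorted(names)


def unsafe_extract(zip_bytes, dest):
    """Extract-then-delete: between the two steps every file is already reachable."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        zf.extractall(dest)  # race window opens here: shell.phar is on disk
        for n in zf.namelist():
            if WEAK_DENY.search(n):  # .phar never matches, so it is never removed
                os.remove(os.path.join(dest, n))
        return sorted(os.listdir(dest))


def build_zip(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample archive: a legitimate thumbnail plus a PHP stub named .phar.
SAMPLE = build_zip({"thumb.jpg": b"\xff\xd8\xff", "shell.phar": b"<?php system($_GET['c']);"})


def run_demo():
    """Run both extractors on SAMPLE and report the blocklist gap."""
    out = {"gaps": handler_gaps(WEAK_DENY, PHP_HANDLER,
                                ["a.php", "a.phar", "a.phtml", "a.jpg"])}
    safe_dir = tempfile.mkdtemp(prefix="safe-")
    try:
        out["safe"] = safe_extract(SAMPLE, safe_dir)
    except ValueError:
        out["safe"] = "rejected"
    out["safe_on_disk"] = sorted(os.listdir(safe_dir))
    out["unsafe_on_disk"] = unsafe_extract(SAMPLE, tempfile.mkdtemp(prefix="unsafe-"))
    return out


if __name__ == "__main__":
    print(run_demo())
```

The validate-first extractor rejects the whole archive, so there is no window in which `shell.phar` exists under the web root, and the allowlist makes the choice of PHP extensions irrelevant. On the Apache side the equivalent fix is an allowlist `<FilesMatch>` that grants access only to the media extensions with everything else denied, rather than a deny rule that has to enumerate every extension the PHP handler recognises.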

MedDream PACS Premium Security Concerns

In the medical imaging sector, MedDream PACS Premium, a DICOM 3.0 compliant picture archiving and communication system, contains four vulnerabilities discovered by Emmanuel Tacheau and Marcin Noga of Cisco Talos.

These range from incorrect default permissions that could expose encrypted credentials to a local user, to a privilege escalation flaw, a reflected XSS, and a server-side request forgery (SSRF) that lets the server be made to issue requests on an attacker's behalf.
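An added example, not MedDream's code, of the check a practitioner would run for the first of those failure modes: credential or configuration files installed with mode bits that let other local accounts read them. The directory layout, file names and modes in the fixture are constructed for this example; the audit itself is generic.

```python
"""Added example (not MedDream's code): audit a tree for secret files that
group or world can read, and tighten them to owner-only.  Fixture paths and
modes are constructed for illustration."""
import os
import stat
import tempfile

GROUP_OR_WORLD_READ = stat.S_IRGRP | stat.S_IROTH


def audit_readable(root):
    """Map relative path -> octal mode for regular files readable beyond the owner."""
    findings = {}
    for dirpath, _, files in os.walk(root):
        for f in files:
            p = os.path.join(dirpath, f)
            st = os.stat(p)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip sockets, devices, dangling links
            mode = stat.S_IMODE(st.st_mode)
            if mode & GROUP_OR_WORLD_READ:
                findings[os.path.relpath(p, root)] = oct(mode)
    return findings


def harden(path):
    """Restrict a secret file to owner read/write and return the resulting mode."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    return oct(stat.S_IMODE(os.stat(path).st_mode))


def make_fixture():
    """Constructed install tree: one config installed 0644, one already 0600."""
    root = tempfile.mkdtemp(prefix="pacs-")
    conf = os.path.join(root, "conf")
    os.makedirs(conf)
    for name, mode in (("application.properties", 0o644), ("db.credentials.enc", 0o600)):
        p = os.path.join(conf, name)
        with open(p, "w") as fh:
            fh.write("db.password=ENC(constructed-sample)\n")
        os.chmod(p, mode)
    return root


if __name__ == "__main__":
    root = make_fixture()
    for rel, mode in audit_readable(root).items():
        print("exposed:", rel, mode, "->", harden(os.path.join(root, rel)))
```

Encryption of the stored credential does not help here: whoever can read the file can usually also read the installed application that decrypts it, so the mode bits are the control that matters.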

Eclipse ThreadX Impact on Embedded Systems

Eclipse ThreadX, a real-time operating system and embedded development suite for resource-constrained devices, contains a buffer overflow in the RAM disk driver of its FileX file system component.

Discovered by Kelly Patterson, this vulnerability could enable code execution through specially crafted network packets.

Organizations running any of these platforms should apply the vendor patches and update to the latest versions without delay.

For additional protection, administrators can download the latest Snort rule sets from Snort.org to detect potential exploitation attempts. Cisco Talos continues to monitor these vulnerabilities and provides updated advisories through the Talos Intelligence website.



