Security Advisory

CVE-2018-25298

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-29 19:24:32

Last updated 2026-04-30 12:45:46

Assigner VulnCheck

State PUBLISHED

Description

Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. Attackers can submit POST requests to /servlet/actions/merge-viewer/summary with login credentials to hijack user sessions and gain unauthorized access to the PACS system.

← Browse all CVEs View on cve.org ↗