CVE-2025-63958 – MILLENSYS Vision Tools Workspace Unauthenticated Configuration Disclosure
CVE-2025-63958 — MILLENSYS Vision Tools Workspace Unauthenticated Configuration Disclosure 1. Overview This advisory documents a critical unauthenticated configuration disclosure affecting multiple versions of MILLENSYS Vision Tools Workspace, a medical PACS/Reporting platform widely deployed across hospitals and radiology centers. A missing access control on the /MILLENSYS/settings endpoint allows remote attackers to retrieve full backend configuration, including plaintext database credentials, file share paths, license server URLs, and sensitive system parameters. CVE ID: CVE-2025-63958 ...