CVE-2025-36556 is a reflected cross-site scripting (XSS) vulnerability categorized under CWE-79, affecting MedDream PACS Premium version 7.3.6.870. The vulnerability resides in the ldapUser functionality, where user-supplied input is improperly neutralized during web page generation, allowing malicious JavaScript code injection. An attacker can craft a specially designed URL that, when visited by a user, causes the victim's browser to execute arbitrary JavaScript code. This can lead to theft of session cookies, redirection to malicious sites, or execution of unauthorized actions within the context of the vulnerable web application. The vulnerability requires no authentication but does require user interaction (clicking the malicious link). The CVSS v3.1 base score is 6.1, indicating medium severity, with attack vector network (remote), low attack complexity, no privileges required, user interaction required, scope changed, and impacts on confidentiality and integrity but not availability. No public exploits have been reported yet, but the vulnerability poses a risk to the confidentiality and integrity of data handled by the PACS system. MedDream PACS Premium is a medical imaging software widely used in healthcare environments to manage and view medical images, making the confidentiality and integrity of data critical. The reflected XSS flaw could be leveraged by attackers to target healthcare professionals or administrators, potentially leading to session hijacking or phishing attacks within the healthcare environment.

For European organizations, particularly healthcare providers using MedDream PACS Premium, this vulnerability could lead to unauthorized disclosure of sensitive patient data or manipulation of user sessions. The confidentiality and integrity of medical imaging data and associated patient information could be compromised if attackers successfully exploit the XSS vulnerability. This could result in privacy violations, regulatory non-compliance (e.g., GDPR), reputational damage, and potential disruption of healthcare services if trust in the system is undermined. Since the vulnerability requires user interaction, phishing or social engineering campaigns could be used to lure healthcare staff into clicking malicious URLs. The impact is heightened in Europe due to strict data protection laws and the critical nature of healthcare services. Although availability is not directly affected, the indirect consequences of data breaches or session hijacking could disrupt clinical workflows and patient care.

1. Apply patches or updates from MedDream as soon as they become available to address the XSS vulnerability in ldapUser functionality. 2. Implement strict input validation and output encoding on all user-supplied data, especially URL parameters, to prevent injection of malicious scripts. 3. Deploy a Web Application Firewall (WAF) with rules specifically designed to detect and block reflected XSS attacks targeting the PACS web interface. 4. Educate healthcare staff about phishing risks and the dangers of clicking on suspicious links, emphasizing the importance of verifying URLs before access. 5. Conduct regular security assessments and penetration testing focused on web application vulnerabilities within the PACS environment. 6. Use Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the browser context. 7. Monitor web server logs for unusual request patterns that may indicate attempted exploitation of the vulnerability. 8. Limit external exposure of the PACS web interface by restricting access via VPN or internal network segmentation to reduce attack surface.