CVE-2025-46270: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in MedDream MedDream PACS Premium
CVE-2025-46270 is a reflected cross-site scripting (XSS) vulnerability found in MedDream PACS Premium version 7. 3. 6. 870, specifically in the fetchPriorStudies functionality. An attacker can craft a malicious URL that, when visited by a user, executes arbitrary JavaScript code in the context of the victim's browser. This vulnerability requires user interaction (clicking the malicious link) but does not require authentication. The CVSS score is 6. 1, indicating a medium severity with potential impacts on confidentiality and integrity but no direct availability impact. No known exploits are currently reported in the wild. European healthcare organizations using this PACS software are at risk of targeted phishing or social engineering attacks leveraging this vulnerability.
AI Analysis
Technical Summary
CVE-2025-46270 is a reflected cross-site scripting (XSS) vulnerability categorized under CWE-79, affecting MedDream PACS Premium version 7.3.6.870. The vulnerability resides in the fetchPriorStudies functionality, where user-supplied input is improperly neutralized during web page generation. This flaw allows an attacker to craft a malicious URL that, when accessed by a victim, executes arbitrary JavaScript code within the victim's browser session. The attack vector is network-based (AV:N), requires no privileges (PR:N), but does require user interaction (UI:R). The vulnerability has a scope change (S:C), meaning it can affect resources beyond the vulnerable component. The impact affects confidentiality and integrity (C:L/I:L) but not availability (A:N). Exploitation could lead to session hijacking, theft of sensitive information, or unauthorized actions performed on behalf of the user. Although no public exploits are known, the presence of this vulnerability in a healthcare PACS system is concerning due to the sensitive nature of medical data and the criticality of healthcare operations. The vulnerability was reserved in August 2025 and published in January 2026. No official patches were listed at the time of reporting, emphasizing the need for immediate mitigation steps.
Potential Impact
For European organizations, particularly those in the healthcare sector using MedDream PACS Premium, this vulnerability poses a risk of unauthorized disclosure of sensitive patient data and potential manipulation of user sessions. Exploitation could enable attackers to steal authentication tokens, perform actions on behalf of legitimate users, or deliver further malware payloads via injected scripts. This can undermine patient privacy, violate GDPR regulations, and disrupt trust in healthcare IT systems. Although the vulnerability does not directly impact system availability, the indirect consequences such as data breaches or compliance violations can lead to significant financial and reputational damage. The requirement for user interaction means phishing or social engineering campaigns could be used to exploit this vulnerability, increasing the risk in environments with less user security awareness.
Mitigation Recommendations
Organizations should prioritize the following mitigations: 1) Monitor MedDream vendor communications for patches addressing CVE-2025-46270 and apply them promptly once available. 2) Implement strict input validation and output encoding on all user-supplied data within the PACS web interface to prevent script injection. 3) Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. 4) Conduct user training focused on recognizing and avoiding phishing attempts and suspicious URLs. 5) Use web application firewalls (WAFs) to detect and block malicious requests targeting the fetchPriorStudies functionality. 6) Regularly audit and monitor logs for unusual access patterns or suspicious URL requests. 7) Segment PACS systems from general network access to reduce exposure. These steps go beyond generic advice by focusing on immediate protective controls and user awareness tailored to this specific vulnerability.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden
CVE-2025-46270: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in MedDream MedDream PACS Premium
Description
CVE-2025-46270 is a reflected cross-site scripting (XSS) vulnerability found in MedDream PACS Premium version 7. 3. 6. 870, specifically in the fetchPriorStudies functionality. An attacker can craft a malicious URL that, when visited by a user, executes arbitrary JavaScript code in the context of the victim's browser. This vulnerability requires user interaction (clicking the malicious link) but does not require authentication. The CVSS score is 6. 1, indicating a medium severity with potential impacts on confidentiality and integrity but no direct availability impact. No known exploits are currently reported in the wild. European healthcare organizations using this PACS software are at risk of targeted phishing or social engineering attacks leveraging this vulnerability.
AI-Powered Analysis
Technical Analysis
CVE-2025-46270 is a reflected cross-site scripting (XSS) vulnerability categorized under CWE-79, affecting MedDream PACS Premium version 7.3.6.870. The vulnerability resides in the fetchPriorStudies functionality, where user-supplied input is improperly neutralized during web page generation. This flaw allows an attacker to craft a malicious URL that, when accessed by a victim, executes arbitrary JavaScript code within the victim's browser session. The attack vector is network-based (AV:N), requires no privileges (PR:N), but does require user interaction (UI:R). The vulnerability has a scope change (S:C), meaning it can affect resources beyond the vulnerable component. The impact affects confidentiality and integrity (C:L/I:L) but not availability (A:N). Exploitation could lead to session hijacking, theft of sensitive information, or unauthorized actions performed on behalf of the user. Although no public exploits are known, the presence of this vulnerability in a healthcare PACS system is concerning due to the sensitive nature of medical data and the criticality of healthcare operations. The vulnerability was reserved in August 2025 and published in January 2026. No official patches were listed at the time of reporting, emphasizing the need for immediate mitigation steps.
Potential Impact
For European organizations, particularly those in the healthcare sector using MedDream PACS Premium, this vulnerability poses a risk of unauthorized disclosure of sensitive patient data and potential manipulation of user sessions. Exploitation could enable attackers to steal authentication tokens, perform actions on behalf of legitimate users, or deliver further malware payloads via injected scripts. This can undermine patient privacy, violate GDPR regulations, and disrupt trust in healthcare IT systems. Although the vulnerability does not directly impact system availability, the indirect consequences such as data breaches or compliance violations can lead to significant financial and reputational damage. The requirement for user interaction means phishing or social engineering campaigns could be used to exploit this vulnerability, increasing the risk in environments with less user security awareness.
Mitigation Recommendations
Organizations should prioritize the following mitigations: 1) Monitor MedDream vendor communications for patches addressing CVE-2025-46270 and apply them promptly once available. 2) Implement strict input validation and output encoding on all user-supplied data within the PACS web interface to prevent script injection. 3) Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. 4) Conduct user training focused on recognizing and avoiding phishing attempts and suspicious URLs. 5) Use web application firewalls (WAFs) to detect and block malicious requests targeting the fetchPriorStudies functionality. 6) Regularly audit and monitor logs for unusual access patterns or suspicious URL requests. 7) Segment PACS systems from general network access to reduce exposure. These steps go beyond generic advice by focusing on immediate protective controls and user awareness tailored to this specific vulnerability.
Affected Countries
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- talos
- Date Reserved
- 2025-08-22T15:59:57.209Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 696f99d64623b1157c3aa44c
Added to database: 1/20/2026, 3:05:58 PM
Last enriched: 1/27/2026, 8:08:45 PM
Last updated: 2/5/2026, 2:44:26 PM
Views: 15
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-14150: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere in IBM webMethods Integration (on prem) - Integration Server
MediumCVE-2025-13491: CWE-426 Untrusted Search Path in IBM App Connect Operator
MediumCVE-2026-1927: CWE-862 Missing Authorization in wpsoul Greenshift – animation and page builder blocks
MediumCVE-2026-1523: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in PRIMION DIGITEK Digitek ADT1100
HighCVE-2025-13379: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in IBM Aspera Console
HighActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.