CVE-2025-54495: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in MedDream MedDream PACS Premium
CVE-2025-54495 is a reflected cross-site scripting (XSS) vulnerability found in MedDream PACS Premium version 7.3.6.870, specifically in the emailfailedjob functionality. An attacker can craft a malicious URL that, when visited by a user, executes arbitrary JavaScript code within the victim's browser context. This vulnerability requires user interaction (clicking the malicious link) but does not require authentication, and it can impact confidentiality and integrity by stealing session tokens or manipulating displayed content. The CVSS score is 6.1 (medium severity), reflecting the moderate impact and ease of exploitation. No known exploits are currently in the wild, and no patches have been published yet. European healthcare organizations using MedDream PACS Premium are at risk, especially in countries with significant adoption of this medical imaging software.
AI Analysis
Technical Summary
CVE-2025-54495 is a reflected cross-site scripting vulnerability categorized under CWE-79, affecting MedDream PACS Premium version 7.3.6.870. The vulnerability resides in the emailfailedjob functionality, where user-supplied input is improperly neutralized during web page generation. This improper sanitization allows an attacker to craft a malicious URL that, when accessed by a user, causes arbitrary JavaScript code execution in the victim’s browser. This can lead to session hijacking, credential theft, or manipulation of the web interface, compromising confidentiality and integrity of the affected system. The vulnerability is exploitable remotely over the network without authentication but requires user interaction to click the malicious link. The CVSS v3.1 base score of 6.1 reflects a medium severity, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), scope changed (S:C), and low impact on confidentiality and integrity (C:L, I:L) with no impact on availability (A:N). No patches or known exploits are currently available, indicating the need for proactive mitigation. The vulnerability affects a critical healthcare product used for medical image management, making it a significant concern for healthcare providers relying on MedDream PACS Premium for diagnostic workflows.
Potential Impact
For European organizations, particularly healthcare providers using MedDream PACS Premium, this vulnerability poses a risk to patient data confidentiality and system integrity. Successful exploitation could allow attackers to steal session cookies or credentials, enabling unauthorized access to sensitive medical images and patient information. This could lead to privacy violations, regulatory non-compliance (e.g., GDPR), and potential disruption of clinical workflows. Although availability is not directly impacted, the loss of trust and potential data breaches could have severe reputational and financial consequences. The requirement for user interaction means phishing or social engineering campaigns could be used to exploit this vulnerability, increasing the risk in environments with less security awareness. Given the critical nature of healthcare data and the increasing targeting of healthcare infrastructure by cybercriminals, this vulnerability represents a moderate but tangible threat to European healthcare entities.
Mitigation Recommendations
Organizations should immediately implement strict input validation and output encoding on all user-supplied data, especially within the emailfailedjob functionality, to prevent injection of malicious scripts. Until an official patch is released, administrators should restrict access to the vulnerable functionality where possible, such as limiting exposure to trusted networks or using web application firewalls (WAFs) to detect and block suspicious requests containing malicious payloads. Security teams should conduct user awareness training to educate staff about the risks of clicking unknown or suspicious URLs, emphasizing phishing prevention. Monitoring web server logs for unusual URL patterns targeting the emailfailedjob endpoint can help detect attempted exploitation. Additionally, organizations should prepare for rapid patch deployment once MedDream releases an update addressing this vulnerability. Regular security assessments and penetration testing focusing on web application vulnerabilities are recommended to identify and remediate similar issues proactively.
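As an added defensive example (not code from the advisory or from MedDream), the log-monitoring recommendation above can be turned into a small scanner: it reads access-log lines, keeps only requests whose path contains emailfailedjob, and flags query parameters that, after undoing layered percent-encoding, contain HTML or script markers. The log format, the path, and the parameter name `job` are assumptions, since the advisory does not name the vulnerable parameter.

```python
import re
from urllib.parse import unquote, urlsplit, parse_qsl

# Constructed sample access-log lines (common log format); not from a real deployment.
SAMPLE_LOG = """\
10.0.0.5 - - [20/Jan/2026:15:05:58 +0000] "GET /emailfailedjob?job=1234 HTTP/1.1" 200 512
10.0.0.7 - - [20/Jan/2026:15:06:10 +0000] "GET /emailfailedjob?job=%3Cscript%3Etest%3C%2Fscript%3E HTTP/1.1" 200 640
10.0.0.9 - - [20/Jan/2026:15:06:12 +0000] "GET /emailfailedjob?job=%253Cscript%253E HTTP/1.1" 200 640
10.0.0.3 - - [20/Jan/2026:15:07:01 +0000] "GET /viewer?study=abc HTTP/1.1" 200 2048
"""

REQUEST_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)
# Markers that a benign job identifier never needs: tag delimiters, quotes, script URLs, event handlers.
SUSPICIOUS = re.compile(r"[<>\"']|javascript:|\bon[a-z]+\s*=", re.IGNORECASE)

def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Undo up to max_rounds layers of percent-encoding; double-encoding evades single-pass filters."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(target: str) -> list:
    """Return (name, decoded_value) pairs of flagged parameters for one request target.
    Only paths containing 'emailfailedjob' (assumed endpoint) are examined."""
    parts = urlsplit(target)
    if "emailfailedjob" not in parts.path.lower():
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = fully_decode(value)  # parse_qsl already removed one encoding layer
        if SUSPICIOUS.search(decoded):
            hits.append((name, decoded))
    return hits

def scan_log(log_text: str) -> list:
    """Return (client, target, hits) for every log line with a flagged emailfailedjob request."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue  # malformed or non-request line; skip rather than crash
        hits = suspicious_params(match.group("target"))
        if hits:
            findings.append((match.group("client"), match.group("target"), hits))
    return findings
```

The heuristic will also flag legitimate values containing quotes or angle brackets, so treat hits as triage candidates rather than confirmed exploitation.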
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: talos
- Date Reserved: 2025-08-22T15:57:09.865Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 696f99d64623b1157c3aa45e
Added to database: 1/20/2026, 3:05:58 PM
Last enriched: 1/27/2026, 8:12:55 PM
Last updated: 2/5/2026, 5:28:18 PM