CVE-2025-54759: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML code that redirects a user to a malicious web page and steals the user's cookie.
AI Analysis
Technical Summary
CVE-2025-54759 is a stored cross-site scripting (XSS) vulnerability identified in the Santesoft Sante PACS Server, a medical imaging and archiving system widely used in healthcare environments. The vulnerability arises from improper neutralization of input during web page generation (CWE-79), allowing an attacker to inject malicious HTML or JavaScript code into the application. When a legitimate user accesses the compromised content, the injected code executes within their browser context. This can lead to redirection to malicious websites and theft of session cookies, potentially enabling session hijacking or unauthorized access to sensitive patient data. The vulnerability does not require authentication (PR:N) but does require user interaction (UI:A), such as clicking a crafted link or viewing a malicious page. The attack vector is network-based (AV:N) with low attack complexity (AC:L), and the vulnerability impacts confidentiality and integrity to a limited extent (VC:L, VI:L). The CVSS 4.0 base score is 5.1, categorizing it as medium severity. No known exploits are currently reported in the wild, and no patches have been published yet. Given the critical nature of healthcare data and the role of PACS servers in clinical workflows, exploitation could disrupt operations and compromise patient privacy.
Potential Impact
For European organizations, particularly healthcare providers and hospitals using Sante PACS Server, this vulnerability poses a significant risk to patient data confidentiality and system integrity. Successful exploitation could lead to unauthorized access to patient imaging data, session hijacking of medical staff accounts, and potential redirection to phishing or malware sites. This undermines trust in healthcare IT systems and may violate GDPR requirements for protecting personal health information. Additionally, disruption of PACS services could delay diagnosis and treatment, impacting patient care quality. The medium severity rating suggests moderate risk, but the sensitive nature of healthcare environments amplifies the potential consequences. Organizations may also face reputational damage and regulatory penalties if breaches occur due to this vulnerability.
Mitigation Recommendations
To mitigate this vulnerability, European healthcare organizations should implement the following specific measures:
1) Immediately apply any available vendor patches or updates once released by Santesoft.
2) Employ web application firewalls (WAFs) with custom rules to detect and block malicious input patterns targeting the PACS Server interfaces.
3) Conduct thorough input validation and output encoding on all user-supplied data within the PACS Server environment, especially in web page generation components.
4) Restrict access to the PACS Server management interfaces to trusted internal networks and enforce strong authentication and session management controls.
5) Educate medical staff on the risks of clicking unknown links or opening suspicious content related to PACS systems.
6) Monitor logs for unusual activity indicative of XSS exploitation attempts, such as unexpected redirects or anomalous cookie usage.
7) Consider network segmentation to isolate PACS infrastructure from general user networks to limit the attack surface.
These targeted actions go beyond generic advice and address the specific threat vectors and operational context of the Sante PACS Server.
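The following is an added example, not code from Santesoft or the Sante PACS Server: it places the CWE-79 pattern the advisory describes (a stored field concatenated into generated HTML) next to a renderer that applies the output encoding of measure 3, and shows the cookie attributes that keep a session cookie out of reach of any script that does get injected. Function names and the sample input are constructed.

```python
# Added example (not Santesoft code). Contrasts an unsafe HTML render with
# context-aware output encoding, and builds a session cookie that an injected
# script cannot read through document.cookie. All names are constructed.
import html
from urllib.parse import urlsplit


def render_unsafe(field: str) -> str:
    """Vulnerable (CWE-79): stored value inlined into markup unchanged."""
    return f"<td>{field}</td>"


def render_encoded(field: str) -> str:
    """Hardened: entity-encode < > & " ' so the value renders as text."""
    return f"<td>{html.escape(field, quote=True)}</td>"


def render_link(url: str, label: str) -> str:
    """Hardened href context: only http(s) schemes survive, then encode."""
    if urlsplit(url).scheme.lower() not in ("http", "https"):
        url = "#"  # neutralises javascript:/data: style links
    return (f'<a href="{html.escape(url, quote=True)}">'
            f"{html.escape(label, quote=True)}</a>")


def session_cookie_header(session_id: str) -> str:
    """HttpOnly blocks script access; Secure and SameSite limit transport."""
    return (f"Set-Cookie: SESSIONID={session_id}; HttpOnly; Secure; "
            "SameSite=Strict; Path=/")


# Constructed sample: a stored study description that carries markup.
SAMPLE = "<script>alert('xss')</script>"

if __name__ == "__main__":
    print(render_unsafe(SAMPLE))   # markup survives; a browser would execute it
    print(render_encoded(SAMPLE))  # rendered as inert text
    print(render_link("https://pacs.example/study?id=1&view=2", "study"))
    print(session_cookie_header("constructed-session-id"))
```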
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Switzerland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: icscert
- Date Reserved: 2025-08-05T22:22:55.593Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68a39bfcad5a09ad00df5d7b
Added to database: 8/18/2025, 9:32:44 PM
Last enriched: 8/26/2025, 1:31:49 AM
Last updated: 9/30/2025, 2:50:06 AM