CVE-2025-54778: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in MedDream MedDream PACS Premium
CVE-2025-54778 is a reflected cross-site scripting (XSS) vulnerability found in MedDream PACS Premium version 7. 3. 6. 870, specifically in the existingUser functionality. This flaw allows an attacker to craft a malicious URL that, when visited by a user, executes arbitrary JavaScript code in the victim's browser. The vulnerability requires user interaction (clicking the malicious link) but does not require authentication, and it can lead to partial compromise of confidentiality and integrity of user sessions. Although no known exploits are currently reported in the wild, the medium severity CVSS score of 6. 1 reflects the potential risk. European healthcare organizations using this PACS software should prioritize patching or applying mitigations to prevent exploitation. Countries with significant healthcare infrastructure and MedDream PACS deployments, such as Germany, France, and the UK, are likely to be most affected.
AI Analysis
Technical Summary
CVE-2025-54778 is a reflected cross-site scripting (XSS) vulnerability classified under CWE-79, affecting MedDream PACS Premium version 7.3.6.870. The vulnerability resides in the existingUser functionality, where user-supplied input is improperly neutralized during web page generation. An attacker can exploit this by crafting a malicious URL containing JavaScript code that, when clicked by a victim, executes within the victim's browser context. This execution can lead to theft of session cookies, user impersonation, or manipulation of displayed content, undermining confidentiality and integrity. The vulnerability does not require authentication, increasing its attack surface, but does require user interaction to trigger. The CVSS 3.1 base score is 6.1 (medium severity), reflecting network attack vector, low attack complexity, no privileges required, but user interaction needed, and impact on confidentiality and integrity but not availability. No patches or known exploits are currently reported, but the vulnerability is publicly disclosed and should be addressed promptly. The scope is limited to the affected version 7.3.6.870 of MedDream PACS Premium, a medical imaging software used in healthcare environments for managing and viewing medical images. Given the critical nature of healthcare data, exploitation could lead to unauthorized access to sensitive patient information or session hijacking.
Potential Impact
For European organizations, particularly healthcare providers using MedDream PACS Premium, this vulnerability poses a risk to patient data confidentiality and system integrity. Successful exploitation could allow attackers to execute arbitrary scripts in the context of authenticated users, potentially leading to session hijacking, unauthorized data access, or manipulation of displayed medical images and reports. This could undermine trust in healthcare IT systems and violate GDPR requirements for protecting personal health information. The reflected XSS nature means phishing or social engineering campaigns could be used to trick users into clicking malicious links, increasing the risk of targeted attacks. While availability is not directly impacted, the indirect consequences of data breaches or manipulation could disrupt healthcare operations and patient care. European healthcare institutions are prime targets due to the sensitivity of medical data and the critical role of PACS systems in clinical workflows.
Mitigation Recommendations
To mitigate CVE-2025-54778, organizations should first verify if they are running MedDream PACS Premium version 7.3.6.870 and plan to upgrade to a patched version once available. In the absence of an official patch, implement strict input validation and output encoding on the existingUser functionality to neutralize malicious scripts. Deploy Web Application Firewalls (WAFs) with rules specifically targeting reflected XSS payloads to block malicious requests. Educate healthcare staff about the risks of clicking unsolicited or suspicious links, emphasizing phishing awareness. Use Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. Monitor web server logs for unusual URL patterns indicative of exploitation attempts. Additionally, segment PACS systems within the network to limit exposure and enforce least privilege access controls to reduce potential damage from compromised sessions.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden
CVE-2025-54778: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in MedDream MedDream PACS Premium
Description
CVE-2025-54778 is a reflected cross-site scripting (XSS) vulnerability found in MedDream PACS Premium version 7. 3. 6. 870, specifically in the existingUser functionality. This flaw allows an attacker to craft a malicious URL that, when visited by a user, executes arbitrary JavaScript code in the victim's browser. The vulnerability requires user interaction (clicking the malicious link) but does not require authentication, and it can lead to partial compromise of confidentiality and integrity of user sessions. Although no known exploits are currently reported in the wild, the medium severity CVSS score of 6. 1 reflects the potential risk. European healthcare organizations using this PACS software should prioritize patching or applying mitigations to prevent exploitation. Countries with significant healthcare infrastructure and MedDream PACS deployments, such as Germany, France, and the UK, are likely to be most affected.
AI-Powered Analysis
Technical Analysis
CVE-2025-54778 is a reflected cross-site scripting (XSS) vulnerability classified under CWE-79, affecting MedDream PACS Premium version 7.3.6.870. The vulnerability resides in the existingUser functionality, where user-supplied input is improperly neutralized during web page generation. An attacker can exploit this by crafting a malicious URL containing JavaScript code that, when clicked by a victim, executes within the victim's browser context. This execution can lead to theft of session cookies, user impersonation, or manipulation of displayed content, undermining confidentiality and integrity. The vulnerability does not require authentication, increasing its attack surface, but does require user interaction to trigger. The CVSS 3.1 base score is 6.1 (medium severity), reflecting network attack vector, low attack complexity, no privileges required, but user interaction needed, and impact on confidentiality and integrity but not availability. No patches or known exploits are currently reported, but the vulnerability is publicly disclosed and should be addressed promptly. The scope is limited to the affected version 7.3.6.870 of MedDream PACS Premium, a medical imaging software used in healthcare environments for managing and viewing medical images. Given the critical nature of healthcare data, exploitation could lead to unauthorized access to sensitive patient information or session hijacking.
Potential Impact
For European organizations, particularly healthcare providers using MedDream PACS Premium, this vulnerability poses a risk to patient data confidentiality and system integrity. Successful exploitation could allow attackers to execute arbitrary scripts in the context of authenticated users, potentially leading to session hijacking, unauthorized data access, or manipulation of displayed medical images and reports. This could undermine trust in healthcare IT systems and violate GDPR requirements for protecting personal health information. The reflected XSS nature means phishing or social engineering campaigns could be used to trick users into clicking malicious links, increasing the risk of targeted attacks. While availability is not directly impacted, the indirect consequences of data breaches or manipulation could disrupt healthcare operations and patient care. European healthcare institutions are prime targets due to the sensitivity of medical data and the critical role of PACS systems in clinical workflows.
Mitigation Recommendations
To mitigate CVE-2025-54778, organizations should first verify if they are running MedDream PACS Premium version 7.3.6.870 and plan to upgrade to a patched version once available. In the absence of an official patch, implement strict input validation and output encoding on the existingUser functionality to neutralize malicious scripts. Deploy Web Application Firewalls (WAFs) with rules specifically targeting reflected XSS payloads to block malicious requests. Educate healthcare staff about the risks of clicking unsolicited or suspicious links, emphasizing phishing awareness. Use Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. Monitor web server logs for unusual URL patterns indicative of exploitation attempts. Additionally, segment PACS systems within the network to limit exposure and enforce least privilege access controls to reduce potential damage from compromised sessions.
Affected Countries
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- talos
- Date Reserved
- 2025-08-22T15:58:41.239Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 696f99d74623b1157c3aa489
Added to database: 1/20/2026, 3:05:59 PM
Last enriched: 1/27/2026, 8:09:28 PM
Last updated: 2/5/2026, 4:32:02 PM
Views: 13
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.