CVE-2025-54817 is a reflected cross-site scripting (XSS) vulnerability identified in MedDream PACS Premium version 7.3.6.870, specifically within its autoPurge feature. The vulnerability arises from improper neutralization of user-supplied input during web page generation, classified under CWE-79. An attacker can craft a malicious URL that, when accessed by a user, causes the application to reflect the injected script back in the HTTP response without proper sanitization. This leads to arbitrary JavaScript execution in the victim's browser context, potentially allowing session hijacking, credential theft, or other malicious actions within the scope of the user's privileges. The attack vector is network-based (AV:N), requires no privileges (PR:N), but does require user interaction (UI:R) such as clicking the malicious link. The scope is changed (S:C) because the vulnerability can affect resources beyond the vulnerable component, and the impact on confidentiality and integrity is low (C:L/I:L), with no impact on availability (A:N). No patches are currently linked, and no known exploits have been reported in the wild. MedDream PACS Premium is a medical imaging software widely used in healthcare environments to manage and view medical images, making this vulnerability particularly concerning for patient data confidentiality and system integrity in clinical settings.

For European organizations, particularly healthcare providers using MedDream PACS Premium, this vulnerability poses a risk to patient data confidentiality and the integrity of clinical workflows. Successful exploitation could allow attackers to execute malicious scripts in the context of authenticated users, potentially leading to session hijacking, unauthorized access to sensitive medical images, or manipulation of displayed data. Although the vulnerability does not affect availability, the breach of confidentiality and integrity could undermine trust in healthcare IT systems and violate strict data protection regulations such as GDPR. The risk is heightened in environments where users may be targeted via phishing or malicious links, and where the PACS system interfaces with other critical healthcare infrastructure. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits once the vulnerability becomes public knowledge.

1. Monitor MedDream vendor communications closely and apply security patches promptly once released for version 7.3.6.870 or subsequent versions addressing this vulnerability. 2. Implement web application firewall (WAF) rules to detect and block suspicious input patterns targeting the autoPurge functionality. 3. Enforce strict input validation and output encoding on all user-controllable parameters within the PACS web interface, particularly those involved in URL parameters and autoPurge features. 4. Conduct user awareness training focused on phishing and social engineering risks to reduce the likelihood of users clicking malicious URLs. 5. Restrict access to the PACS web interface to trusted networks and use VPNs or other secure access methods to limit exposure. 6. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the browser context. 7. Regularly audit and monitor logs for unusual access patterns or attempts to exploit XSS vulnerabilities. 8. Consider segmentation of PACS systems from general enterprise networks to contain potential impacts.