CVE-2025-54861 is a reflected cross-site scripting (XSS) vulnerability classified under CWE-79, affecting MedDream PACS Premium version 7.3.6.870. The vulnerability exists in the modifyCoercion functionality, where user-supplied input is improperly neutralized during web page generation. This flaw allows an attacker to craft a malicious URL that, when accessed by a user, causes arbitrary JavaScript code execution within the victim's browser context. The attack vector is network-based (AV:N), requires no privileges (PR:N), but does require user interaction (UI:R), such as clicking a malicious link. The vulnerability impacts confidentiality and integrity by potentially allowing session hijacking, theft of sensitive medical data, or manipulation of user sessions. Availability is not affected. The vulnerability has a CVSS v3.1 base score of 6.1, indicating medium severity. No public exploits have been reported yet, but the vulnerability is published and known. MedDream PACS Premium is a medical imaging software widely used in healthcare environments for managing and viewing medical images, making this vulnerability particularly sensitive due to the nature of the data handled. The reflected XSS could be leveraged by attackers to conduct phishing, steal authentication tokens, or perform further attacks within the healthcare network. The vulnerability highlights the need for proper input validation and output encoding in web applications, especially those handling sensitive health information.

For European organizations, especially healthcare providers using MedDream PACS Premium, this vulnerability poses a risk of unauthorized access to sensitive patient data through session hijacking or credential theft. The execution of arbitrary JavaScript can lead to data leakage, manipulation of user sessions, and potential pivoting within the network. Given the critical nature of healthcare data and strict regulatory requirements such as GDPR, exploitation could result in significant legal and reputational damage. The vulnerability could also facilitate targeted phishing campaigns against healthcare staff, increasing the risk of broader compromise. While availability is not directly impacted, the integrity and confidentiality of patient records and imaging data are at risk, which could disrupt clinical workflows and patient care. The medium severity rating suggests that while the threat is serious, exploitation requires user interaction and does not allow direct system compromise without further chaining of attacks.

1. Monitor MedDream vendor communications closely for official patches addressing this vulnerability and apply them promptly once released. 2. Implement strict input validation and output encoding on all user-supplied data within the PACS web interface to prevent injection of malicious scripts. 3. Employ web application firewalls (WAFs) configured to detect and block reflected XSS attack patterns targeting the modifyCoercion functionality. 4. Conduct user awareness training for healthcare staff to recognize and avoid clicking suspicious or unexpected URLs, especially those related to PACS systems. 5. Use Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the PACS web application. 6. Regularly audit and review web application logs for unusual access patterns or attempts to exploit XSS vulnerabilities. 7. Segment the PACS network environment to limit lateral movement in case of compromise. 8. Consider multi-factor authentication for accessing PACS systems to reduce the impact of stolen credentials.