CVE-2025-58087: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in MedDream MedDream PACS Premium
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities. This vulnerability affects the status parameter.
AI Analysis
Technical Summary
CVE-2025-58087 is a reflected cross-site scripting (XSS) vulnerability identified in MedDream PACS Premium version 7.3.6.870, medical imaging software widely used for managing and viewing DICOM images. The vulnerability resides in the config.php component, specifically in the handling of the 'status' parameter. Because the parameter value is reflected into the page without adequate sanitization or output encoding, attackers can inject JavaScript via specially crafted URLs. When a user opens such a URL, the injected script executes in the context of the victim's browser session, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. The CVSS 3.1 base score is 6.1 (medium severity): the attack vector is network (no physical access needed), attack complexity is low, no privileges are required, but user interaction is required. The scope is changed (S:C), meaning the vulnerability can affect resources beyond the vulnerable component. Confidentiality and integrity impacts are low, while availability is unaffected. No patches or known exploits are currently available, but the vulnerability's presence in a critical healthcare application increases its risk profile. The vulnerability is categorized under CWE-79, improper neutralization of input during web page generation, the weakness class behind XSS.
Potential Impact
For European organizations, particularly healthcare providers using MedDream PACS Premium, this vulnerability poses a significant risk to patient data confidentiality and system integrity. Exploitation could allow attackers to steal session cookies or credentials, leading to unauthorized access to sensitive medical images and patient information. This could result in violations of GDPR and other data protection regulations, potentially incurring heavy fines and reputational damage. Additionally, attackers might manipulate displayed data, causing misdiagnosis or treatment errors. The requirement for user interaction limits mass exploitation, but targeted phishing campaigns could be effective. The vulnerability does not affect system availability directly but undermines trust in healthcare IT systems. Given the critical nature of healthcare services, even medium-severity vulnerabilities warrant prompt attention.
Mitigation Recommendations
Since no official patches are currently available, European organizations should implement immediate mitigations to reduce risk. These include:
- Employing web application firewalls (WAFs) with rules to detect and block malicious payloads targeting the 'status' parameter in config.php requests.
- Educating users, especially healthcare staff, to recognize and avoid suspicious links, reducing the likelihood of successful phishing attacks.
- Implementing Content Security Policy (CSP) headers to restrict execution of unauthorized scripts in browsers.
- Conducting regular security assessments and penetration testing focused on web application input validation.
- Monitoring web server logs for unusual request patterns targeting the vulnerable parameter.
- Planning for an urgent upgrade or patch deployment once the vendor releases a fix.
- Isolating PACS systems within secure network segments to limit exposure.
These targeted actions go beyond generic advice and address the specific attack vector and environment.
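As an added example (not part of the original advisory or MedDream's code), the log-monitoring recommendation above can be implemented as a small detector over web server access logs: it isolates requests to config.php, URL-decodes the 'status' parameter, and flags values containing HTML tags, inline event handlers or javascript: URLs. The log lines are constructed samples in combined log format; the IPs, timestamps and paths other than config.php are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample lines in Apache/nginx combined log format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [21/Jan/2026:09:12:01 +0100] "GET /config.php?status=ok HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.7 - - [21/Jan/2026:09:12:07 +0100] "GET /config.php?status=%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 5170 "-" "Mozilla/5.0"
10.0.0.9 - - [21/Jan/2026:09:13:44 +0100] "GET /viewer.php?study=123 HTTP/1.1" 200 800 "-" "Mozilla/5.0"
10.0.0.11 - - [21/Jan/2026:09:14:02 +0100] "GET /config.php?status=x%22%20onmouseover%3Dalert%281%29%20y%3D%22 HTTP/1.1" 200 5160 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, method, request target and response code from a combined-format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<code>\d{3})'
)

# Markup or script indicators that have no legitimate place in a plain status value.
XSS_INDICATORS = [
    re.compile(r"<\s*/?\s*[a-z]", re.I),   # HTML tag opener, e.g. <script or </div
    re.compile(r"\bon[a-z]+\s*=", re.I),   # inline event handler, e.g. onmouseover=
    re.compile(r"javascript\s*:", re.I),   # javascript: URL scheme
]


def suspicious_status_values(log_text: str) -> list[dict]:
    """Return requests to config.php whose 'status' parameter carries markup or script."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.lower().endswith("/config.php"):
            continue
        # parse_qs decodes one layer of %XX; decode once more so double-encoded values are caught.
        for value in parse_qs(parts.query, keep_blank_values=True).get("status", []):
            decoded = unquote_plus(value)
            if any(p.search(decoded) for p in XSS_INDICATORS):
                hits.append({"ip": m.group("ip"), "time": m.group("ts"), "status": decoded})
    return hits


if __name__ == "__main__":
    for hit in suspicious_status_values(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} config.php status={hit['status']!r}")
```

The same indicator list can be reused as a WAF rule for the 'status' parameter; the second and fourth sample lines are the ones the detector reports.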
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium, Poland, Switzerland
Technical Details
- Data Version: 5.2
- Assigner Short Name: talos
- Date Reserved: 2025-08-22T16:31:20.727Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 696f99d94623b1157c3aa4b4
Added to database: 1/20/2026, 3:06:01 PM
Last enriched: 1/27/2026, 7:45:42 PM
Last updated: 2/5/2026, 5:38:22 PM