CVE-2025-58091 identifies a reflected cross-site scripting (XSS) vulnerability in MedDream PACS Premium version 7.3.6.870, a medical imaging software widely used for managing and viewing medical images. The vulnerability resides in the config.php functionality, specifically in the handling of the 'thumbnaildir' parameter. Improper neutralization of input allows an attacker to inject malicious JavaScript code via specially crafted URLs. When a user accesses such a URL, the injected script executes in the context of the victim's browser, potentially allowing session hijacking, credential theft, or manipulation of displayed content. This vulnerability is classified under CWE-79, indicating improper input sanitization during web page generation. The CVSS 3.1 base score of 6.1 reflects a medium severity, with an attack vector of network (remote), low attack complexity, no privileges required, but requiring user interaction. The scope is changed (S:C), meaning the vulnerability can affect resources beyond the vulnerable component. No known exploits have been reported in the wild yet, but the presence of a public-facing web interface in healthcare environments increases the risk. The lack of vendor patches at the time of reporting necessitates immediate mitigation efforts by administrators.

For European organizations, particularly healthcare providers using MedDream PACS Premium 7.3.6.870, this vulnerability poses a risk to patient data confidentiality and integrity. Exploitation could allow attackers to execute arbitrary scripts in users' browsers, potentially leading to session hijacking, unauthorized access to sensitive medical images, or manipulation of displayed information. This could undermine trust in healthcare IT systems and violate data protection regulations such as GDPR. Although availability is not directly impacted, the indirect effects of data leakage or manipulation could disrupt clinical workflows. The medium severity score indicates moderate risk, but the sensitive nature of healthcare data elevates the potential impact. Organizations with externally accessible PACS web portals are particularly vulnerable, as attackers can lure users into clicking malicious links. The absence of known exploits suggests a window for proactive defense, but also a risk of future exploitation once details become widespread.

Organizations should immediately implement strict input validation and output encoding on the 'thumbnaildir' parameter and any other user-controllable inputs in the PACS web interface to prevent script injection. Web application firewalls (WAFs) can be configured to detect and block suspicious URL patterns targeting this parameter. Administrators should monitor web server logs for unusual requests containing script payloads. User awareness training should emphasize caution when clicking on unsolicited or suspicious links, especially in email or messaging contexts. Since no official patches are currently available, organizations should engage with MedDream support to obtain updates or workarounds. Network segmentation and limiting access to the PACS web interface to trusted internal networks or VPN users can reduce exposure. Regular security assessments and penetration testing focused on web application vulnerabilities will help identify residual risks. Finally, ensure that all software components are updated promptly once vendor patches are released.