CVE-2025-58094 identifies a reflected cross-site scripting (XSS) vulnerability in MedDream PACS Premium version 7.3.6.870, a medical imaging software widely used for managing and viewing medical images. The vulnerability resides in the config.php script, specifically in the handling of the 'worklistsrc' URL parameter. Improper neutralization of input allows an attacker to inject malicious JavaScript code into the web page generated by the application. When a user clicks on a specially crafted URL containing the malicious payload in the 'worklistsrc' parameter, the injected script executes in the context of the user's browser session. This can lead to theft of session cookies, unauthorized actions on behalf of the user, or redirection to malicious sites. The vulnerability is classified under CWE-79, indicating improper input sanitization during web page generation. The CVSS 3.1 base score is 6.1, reflecting a medium severity with network attack vector, low attack complexity, no privileges required, but requiring user interaction. The scope is changed (S:C), meaning the vulnerability can affect resources beyond the vulnerable component. No patches were linked at the time of reporting, and no known exploits in the wild have been documented. The vulnerability primarily threatens confidentiality and integrity, with no direct impact on availability. Given the critical nature of PACS systems in healthcare workflows, exploitation could lead to unauthorized data disclosure or manipulation of medical imaging data presentation.

For European organizations, particularly healthcare providers using MedDream PACS Premium 7.3.6.870, this vulnerability poses a risk to patient data confidentiality and the integrity of medical imaging workflows. Successful exploitation could allow attackers to hijack user sessions, steal sensitive patient information, or manipulate displayed data, potentially leading to misdiagnosis or treatment errors. Since PACS systems often integrate with hospital information systems and electronic health records, the impact could cascade into broader healthcare IT environments. The requirement for user interaction limits mass exploitation but targeted phishing campaigns could be effective. Disruption of trust in medical imaging data could have regulatory and reputational consequences under GDPR and other healthcare data protection laws. The vulnerability does not affect system availability directly but could indirectly impact clinical operations if users lose confidence in the system's integrity.

Organizations should immediately review and restrict access to the MedDream PACS web interface, especially from untrusted networks. Implement web application firewalls (WAFs) with rules to detect and block reflected XSS payloads targeting the 'worklistsrc' parameter. Conduct user awareness training to reduce the risk of phishing attacks involving malicious URLs. Apply strict input validation and output encoding on all user-controllable parameters in the PACS application, particularly 'worklistsrc'. Monitor logs for suspicious URL access patterns indicative of exploitation attempts. Coordinate with MedDream for timely patch deployment once available, and test patches in a controlled environment before production rollout. Consider network segmentation to isolate PACS servers from general user networks. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in browsers accessing the PACS system. Regularly audit and update all components of the PACS environment to reduce attack surface.