CVE-2025-58095 is a reflected cross-site scripting (XSS) vulnerability identified in MedDream PACS Premium version 7.3.6.870, a medical imaging software widely used in healthcare environments for managing and viewing medical images. The vulnerability resides in the config.php functionality, specifically in the handling of the 'imagedir' parameter. Improper neutralization of input allows attackers to inject malicious JavaScript code via specially crafted URLs. When a victim clicks such a URL, the injected script executes in their browser context, potentially leading to session hijacking, credential theft, or unauthorized actions performed with the victim’s privileges. The vulnerability does not require authentication but does require user interaction to trigger. The CVSS v3.1 base score is 6.1, reflecting a medium severity with network attack vector, low attack complexity, no privileges required, user interaction required, and impacts on confidentiality and integrity but not availability. No public exploits are currently known, and no patches have been linked yet, indicating the need for proactive defensive measures. The vulnerability is classified under CWE-79, highlighting improper input sanitization during web page generation. This issue is critical in healthcare contexts where patient data confidentiality and system integrity are paramount.

For European organizations, particularly healthcare providers using MedDream PACS Premium, this vulnerability poses a significant risk to patient data confidentiality and system integrity. Successful exploitation could allow attackers to steal session cookies or credentials, leading to unauthorized access to sensitive medical images and patient information. This could result in data breaches, regulatory non-compliance (e.g., GDPR violations), reputational damage, and potential disruption of clinical workflows. Since the vulnerability requires user interaction, phishing campaigns targeting healthcare staff could be an effective attack vector. The reflected XSS could also be used to deliver further malware or ransomware payloads, exacerbating the impact. Given the critical nature of healthcare services, even medium-severity vulnerabilities can have outsized consequences. The lack of known exploits currently provides a window for mitigation before widespread attacks occur.

1. Monitor MedDream vendor communications closely for official patches addressing CVE-2025-58095 and apply them promptly once available. 2. Implement strict input validation and output encoding on the 'imagedir' parameter within the config.php functionality to neutralize malicious input. 3. Deploy and configure Web Application Firewalls (WAFs) to detect and block suspicious requests containing XSS payloads targeting the vulnerable parameter. 4. Conduct user awareness training focused on phishing and social engineering to reduce the likelihood of users clicking malicious links. 5. Restrict access to the PACS web interface to trusted networks or via VPN to limit exposure to external attackers. 6. Regularly audit web application logs for unusual URL patterns or repeated attempts to exploit the imagedir parameter. 7. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the browser context. 8. Consider implementing multi-factor authentication (MFA) on PACS user accounts to mitigate the impact of stolen credentials.