CVE-2025-4411
📋 TL;DR
This CVE describes a cross-site scripting (XSS) vulnerability in Dataprom Informatics PACS-ACSS software that allows attackers to inject malicious scripts into web pages. The vulnerability affects all versions before 16.05.2025, potentially compromising user sessions and data. Healthcare organizations using this PACS (Picture Archiving and Communication System) software are primarily affected.
💻 Affected Systems
- Dataprom Informatics PACS-ACSS
⚠️ Manual Verification Required
This CVE has no machine-readable version range (CPE match data) in our database, so automatic vulnerability detection cannot decide from version data alone whether your system is affected.
Why? The NVD/CPE entry does not encode which versions are vulnerable. The only cut-off is the vendor/USOM wording "before 16.05.2025", a date-style version string (DD.MM.YYYY) rather than a numeric range, so it cannot be matched automatically and must be checked by hand.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could read sensitive patient data exposed in the web UI, hijack administrator sessions, use those sessions to alter or delete imaging records and worklists, or serve drive-by downloads and fake login prompts to client browsers through persistent XSS payloads.
Likely Case
Attackers steal session cookies or credentials, perform actions in the application on behalf of authenticated users (CSRF-style requests issued by the injected script), or deface the application interface.
If Mitigated
With the vendor patch applied, or with output encoding at the application layer and a strict CSP in front of it, the attack surface is largely removed. Residual risk remains where a WAF or CSP is the only control, since both can be bypassed and neither fixes the underlying missing encoding.
🎯 Exploit Status
No public exploit is referenced on this page. XSS vulnerabilities typically have low exploitation complexity, especially reflected XSS, where a single crafted link sent to a logged-in user is enough. The "improper neutralization of input during web page generation" wording is the standard CWE-79 description, indicating a classic server-side XSS rather than a DOM-only variant; the advisory does not state whether it is reflected or stored.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 16.05.2025 or later
Vendor Advisory: https://www.usom.gov.tr/bildirim/tr-25-0171
Restart Required: Yes
Instructions:
1. Contact Dataprom Informatics for the patched version 16.05.2025 or later.
2. Back up current configuration and data.
3. Apply the update following vendor instructions.
4. Restart the PACS-ACSS application/services.
5. Verify the update was successful.
🔧 Temporary Workarounds
Web Application Firewall (WAF)
Deploy a WAF with XSS protection rules to filter malicious input before it reaches the application. Make sure the WAF normalizes URL-encoded and double-encoded input before matching; signature rules applied to the raw request are easy to bypass.
Content Security Policy (CSP)
Implement a strict CSP header to restrict script execution sources and mitigate XSS impact. For example:
Content-Security-Policy: default-src 'self'; script-src 'self'
Test before enforcing: if the PACS-ACSS UI relies on inline scripts or third-party origins, this policy will block them. Roll it out first as Content-Security-Policy-Report-Only and review the violation reports.
🧯 If You Can't Patch
- Implement network segmentation to isolate PACS-ACSS from untrusted networks and limit access to authorized users only.
- Enable strict input validation and context-aware output encoding at the application layer (or in a reverse proxy that rewrites responses) if source code access is available.
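The output-encoding fix in the last item, shown as an added example that is not code from PACS-ACSS or from the advisory. The page template, parameter name and payload below are assumptions for the demo; the point is that the vulnerable renderer reflects the parameter verbatim into the HTML (CWE-79), while the hardened renderers encode for the context they write into (HTML text, then URL-in-attribute), and an HTML parser confirms the attacker-supplied tag is no longer live markup.

```python
import html
from html.parser import HTMLParser
from urllib.parse import quote

# Constructed attacker-controlled value, e.g. the q parameter of a search page.
PAYLOAD = '<img src=x onerror="alert(document.cookie)">'


def render_vulnerable(search: str) -> str:
    """Reflects the user-controlled value straight into the page (CWE-79)."""
    return f"<p>Results for: {search}</p>"


def render_hardened(search: str) -> str:
    """HTML text context: escape &, <, >, " and ' before interpolation."""
    return f"<p>Results for: {html.escape(search, quote=True)}</p>"


def render_link_hardened(search: str) -> str:
    """URL inside an attribute: percent-encode for the query string first,
    then HTML-encode the whole attribute value (two contexts, two encoders)."""
    href = "/search?q=" + quote(search, safe="")
    return f'<a href="{html.escape(href, quote=True)}">search again</a>'


class TagCollector(HTMLParser):
    """Collects the start tags a browser-like parser would see in a fragment."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag, attrs) -> None:
        self.tags.append(tag)


def tags_in(fragment: str) -> list[str]:
    """Return the element names parsed from an HTML fragment, in order."""
    p = TagCollector()
    p.feed(fragment)
    p.close()
    return p.tags


if __name__ == "__main__":
    for name, render in (("vulnerable", render_vulnerable),
                         ("hardened", render_hardened),
                         ("link", render_link_hardened)):
        out = render(PAYLOAD)
        print(f"{name:10s} tags={tags_in(out)}  {out}")
```

The vulnerable output parses to a `p` and an injected `img` element; both hardened outputs contain only the element the template itself wrote. Encoding is per context: the `html.escape` that is correct for text would not be enough on its own inside a `javascript:` URL or an inline event handler, which is why the link variant percent-encodes before it HTML-encodes.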
🔍 How to Verify
Check if Vulnerable:
Check the PACS-ACSS version in the application interface or configuration files. The version is written as a date (DD.MM.YYYY), so compare it as a date: anything earlier than 16.05.2025 is vulnerable.
Check Version:
Check application web interface or consult vendor documentation for version checking method.
Verify Fix Applied:
Verify the version is 16.05.2025 or later, then, with authorization and preferably on a test instance, submit a harmless marker payload (for example a string containing `<` and `"`) in the affected input fields and confirm it comes back HTML-encoded in the response rather than as live markup.
📡 Detection & Monitoring
Log Indicators:
- Unusually long parameter values in web requests
- Script tags, event-handler attributes or `javascript:` URIs in URL parameters or form submissions, including URL-encoded and double-encoded forms
- Repeated requests carrying XSS-like payloads from the same source, whether or not they succeeded
Network Indicators:
- HTTP requests containing script tags, JavaScript events, or encoded payloads in parameters
- Unusual outbound connections from client browsers after visiting PACS pages
SIEM Query:
web_requests WHERE (url CONTAINS "<script>" OR url CONTAINS "javascript:" OR parameters CONTAINS "onerror=" OR parameters CONTAINS "onload=") AND dest_ip IN (pacs_server_ips)
This is a starting point, not a complete rule: plain substring matching on the raw request misses URL-encoded (`%3Cscript%3E`), double-encoded and mixed-case variants, and `onerror=`/`onload=` cover only two of many event handlers. Normalize (URL-decode, lowercase) the request before matching, and treat any hit against the PACS servers as worth a look even if the response was a 4xx.
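The detection logic from this section run over constructed log lines, as an added example that is not part of the page or of any vendor tooling. The Apache-style access log, the IPs, paths and payloads are all made up for the demo. It compares the naive substring check above (applied to the raw request, as the SIEM query does) with a check that first URL-decodes the request until it stops changing, so encoded and double-encoded payloads are caught, and it counts hits per source to surface repeat offenders.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample access log (Apache combined format); nothing here comes from the advisory.
SAMPLE_LOG = """
10.0.5.20 - - [16/May/2025:09:01:12 +0300] "GET /pacs/study?id=12345 HTTP/1.1" 200 4213 "-" "Mozilla/5.0"
10.0.5.20 - - [16/May/2025:09:02:40 +0300] "GET /pacs/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 3110 "-" "Mozilla/5.0"
203.0.113.7 - - [16/May/2025:09:03:05 +0300] "GET /pacs/search?q=<svg/onload=alert(1)> HTTP/1.1" 200 3190 "-" "curl/8.0"
203.0.113.7 - - [16/May/2025:09:03:09 +0300] "GET /pacs/viewer?ret=%256Aavascript%253Aalert(1) HTTP/1.1" 302 0 "-" "curl/8.0"
10.0.5.21 - - [16/May/2025:09:04:00 +0300] "POST /pacs/login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# The literal substrings the SIEM query above looks for, matched on the raw request.
NAIVE_SUBSTRINGS = ("<script>", "javascript:", "onerror=", "onload=")

# Indicators evaluated on the decoded, case-folded request.
INDICATORS = {
    "script_tag": re.compile(r"<\s*script", re.I),
    "js_uri": re.compile(r"javascript\s*:", re.I),
    "event_handler": re.compile(
        r"\bon(error|load|click|mouseover|focus|blur|mouseenter|animationstart|toggle)\s*=", re.I
    ),
    "markup_tag": re.compile(r"<\s*(svg|img|iframe|object|embed)\b", re.I),
}


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """URL-decode repeatedly until the string stops changing (bounded to avoid loops)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def analyze(log_text: str) -> list[dict]:
    """Return one finding per request whose decoded form matches an XSS indicator."""
    findings = []
    for line in log_text.strip().splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than crash the pipeline
        raw = m.group("target")
        decoded = fully_decode(raw)
        hits = [name for name, rx in INDICATORS.items() if rx.search(decoded)]
        if not hits:
            continue
        findings.append({
            "ip": m.group("ip"),
            "ts": m.group("ts"),
            "target": raw,
            "decoded": decoded,
            "indicators": hits,
            # Would the raw-substring SIEM query have fired on this request?
            "naive_match": any(s in raw for s in NAIVE_SUBSTRINGS),
        })
    return findings


def repeat_offenders(findings: list[dict], threshold: int = 2) -> list[str]:
    """Sources with at least `threshold` flagged requests, for the 'multiple attempts' indicator."""
    counts = Counter(f["ip"] for f in findings)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    results = analyze(SAMPLE_LOG)
    for f in results:
        flag = "caught" if f["naive_match"] else "MISSED"
        print(f'{f["ip"]:14s} {flag:6s} by naive query  {f["indicators"]}  {f["decoded"]}')
    print("repeat offenders:", repeat_offenders(results))
```

On the sample data the naive query fires only on the unencoded `<svg/onload=...>` request; the percent-encoded `<script>` and the double-encoded `javascript:` URI are found only after decoding. The decode loop is bounded because some inputs can be decoded many times and an unbounded loop is itself a denial-of-service vector in a log pipeline.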