CVE-2025-54495

6.1 MEDIUM

📋 TL;DR

A reflected cross-site scripting vulnerability in MedDream PACS Premium allows attackers to execute arbitrary JavaScript code by tricking users into clicking specially crafted malicious URLs. This affects all users of MedDream PACS Premium 7.3.6.870 who access the emailfailedjob functionality.

💻 Affected Systems

Products:
  • MedDream PACS Premium
Versions: 7.3.6.870
Operating Systems: All platforms running MedDream PACS Premium
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the emailfailedjob functionality specifically.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or install malware on user systems.

🟠 Likely Case

Session hijacking, credential theft, or redirection to phishing sites when users click malicious links.

🟢 If Mitigated

Limited impact if proper input validation and output encoding are implemented, though user interaction is still required.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Reflected XSS typically requires user interaction (clicking malicious link) but is straightforward to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Contact MedDream vendor for patch information.
2. Apply vendor-provided security update.
3. Test functionality after patching.

🔧 Temporary Workarounds

Input Validation and Output Encoding

Applies to: all

Implement proper input validation and output encoding for the emailfailedjob parameter:

  • Implement server-side validation of the emailfailedjob parameter
  • Apply HTML encoding to all user-controlled output

Content Security Policy

Applies to: all

Implement strict Content Security Policy headers to mitigate XSS impact:

  • Add a Content-Security-Policy header with script-src 'self'

🧯 If You Can't Patch

  • Implement WAF rules to block malicious XSS payloads in URL parameters
  • Disable or restrict access to emailfailedjob functionality if not required

🔍 How to Verify

Check if Vulnerable:

Test emailfailedjob parameter with XSS payloads like <script>alert('XSS')</script> and check if script executes

Check Version:

Check MedDream PACS version in admin interface or configuration files

Verify Fix Applied:

Retest with same XSS payloads and verify scripts do not execute

📡 Detection & Monitoring

Log Indicators:

  • Unusual URL parameters containing script tags or JavaScript code
  • Multiple failed attempts to access emailfailedjob with suspicious parameters

Network Indicators:

  • HTTP requests with script tags or JavaScript in URL parameters
  • Unusual redirects from emailfailedjob endpoints

SIEM Query:

source="web_logs" AND (url="*emailfailedjob*" AND (url="*<script>*" OR url="*javascript:*"))
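The SIEM query above only matches a literal `<script>` or `javascript:` in the URL, so a URL-encoded or double-encoded payload slips past it. The following is an added example (not part of this advisory or of MedDream's software) that applies the same log indicators to access-log lines after URL-decoding; the `/emailfailedjob` path and the log lines are constructed for illustration, since the page does not give the real endpoint path.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (Common Log Format), not real traffic.
# The /emailfailedjob path is a placeholder; the real path is not on the page.
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /emailfailedjob?id=42 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2025:10:00:01 +0000] "GET /emailfailedjob?id=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2025:10:00:02 +0000] "GET /viewer?study=1 HTTP/1.1" 200 2048',
    '10.0.0.7 - - [01/Jan/2025:10:00:03 +0000] "GET /emailfailedjob?id=JAVASCRIPT:alert(1) HTTP/1.1" 200 512',
    '10.0.0.7 - - [01/Jan/2025:10:00:04 +0000] "GET /emailfailedjob?id=%253Cscript%253Ealert(1) HTTP/1.1" 200 512',
]

# The two markers from the advisory's SIEM query plus a few common inline
# event handlers; matched case-insensitively on the decoded URL.
XSS_MARKERS = re.compile(
    r"<script|javascript:|\bon(?:error|load|click|mouseover|focus)\s*=",
    re.IGNORECASE,
)

# Pulls client IP and request URL out of a Common/Combined Log Format line.
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"'
)


def normalise(url: str) -> str:
    """URL-decode repeatedly (max 3 rounds) so %253C, a double-encoded '<', is seen."""
    for _ in range(3):
        decoded = unquote_plus(url)
        if decoded == url:
            break
        url = decoded
    return url


def flag_emailfailedjob_requests(log_lines):
    """Return (client_ip, raw_url, marker) for each request to the emailfailedjob
    endpoint whose decoded URL carries a script tag, javascript: URI or on*= handler."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        ip, url = m.groups()
        if "emailfailedjob" not in url.lower():
            continue  # indicator is specific to the affected functionality
        marker = XSS_MARKERS.search(normalise(url))
        if marker:
            hits.append((ip, url, marker.group(0).lower()))
    return hits
```

Feed it the raw lines from your web server log; each hit names the source IP, the undecoded URL for the ticket, and which marker fired.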
