CVE-2025-54814

6.1 MEDIUM

📋 TL;DR

A reflected cross-site scripting vulnerability in MedDream PACS Premium allows attackers to execute arbitrary JavaScript code by tricking users into clicking malicious URLs. This affects healthcare organizations using MedDream PACS Premium 7.3.6.870 for medical imaging. Attackers can steal session cookies, redirect users, or perform actions on their behalf.

💻 Affected Systems

Products:
  • MedDream PACS Premium
Versions: 7.3.6.870
Operating Systems: All platforms running MedDream PACS Premium
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the modifyAutopurgeFilter functionality. Requires user interaction (clicking a malicious link).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal administrator credentials, gain full system access, and potentially compromise patient medical data and imaging systems.

🟠 Likely Case

Attackers steal user session cookies to impersonate legitimate users, access patient data, or modify system settings.

🟢 If Mitigated

Limited impact with proper input validation, output encoding, and Content Security Policy headers in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Reflected XSS typically requires social engineering but is technically simple to exploit once the vulnerable parameter is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Contact MedDream vendor for patch availability.
2. Apply vendor-provided patch when available.
3. Test in non-production environment first.

🔧 Temporary Workarounds

Implement WAF Rules (applies to: all)

Configure the web application firewall to block XSS payloads targeting the modifyAutopurgeFilter parameter.

Content Security Policy (applies to: all)

Implement strict CSP headers to prevent inline script execution. A policy of `script-src 'self'` permits only scripts loaded from the application's own origin and rejects inline script, which is what a reflected payload relies on; the application's own inline scripts must therefore be moved into same-origin files (or carry a nonce) for the policy to be deployable.

Content-Security-Policy: script-src 'self'

🧯 If You Can't Patch

  • Implement input validation and output encoding for the modifyAutopurgeFilter parameter
  • Restrict access to MedDream PACS to trusted networks only

🔍 How to Verify

Check if Vulnerable:

Test the modifyAutopurgeFilter parameter with an XSS payload such as <script>alert('test')</script> and check whether the script executes

Check Version:

Check MedDream PACS version in administration interface or configuration files

Verify Fix Applied:

Retest with the same XSS payloads and verify that the scripts no longer execute

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing script tags or JavaScript in modifyAutopurgeFilter parameter
  • Unusual parameter values in modifyAutopurgeFilter requests

Network Indicators:

  • HTTP requests with suspicious parameters containing JavaScript code
  • Traffic patterns showing XSS payload delivery

SIEM Query:

source="web_logs" AND (modifyAutopurgeFilter CONTAINS "<script>" OR modifyAutopurgeFilter CONTAINS "javascript:")
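The log indicators and SIEM query above match the literal text `<script>` and `javascript:`, which a URL-encoded or double-encoded request would not contain. The following is an added example, not part of this advisory: it scans constructed common-log-format lines for requests to the modifyAutopurgeFilter endpoint, percent-decodes each query parameter repeatedly, and flags the two patterns the advisory names. The endpoint path, parameter names and log lines are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample access-log lines (common log format); not taken from the advisory.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /pacs/modifyAutopurgeFilter?filter=abc HTTP/1.1" 200 512',
    '10.0.0.7 - - [01/Jan/2025:10:00:01 +0000] "GET /pacs/modifyAutopurgeFilter?filter=%3Cscript%3Ealert(%27test%27)%3C%2Fscript%3E HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2025:10:00:02 +0000] "GET /pacs/modifyAutopurgeFilter?name=x&filter=%253Cscript%253E HTTP/1.1" 200 512',
    '10.0.0.3 - - [01/Jan/2025:10:00:03 +0000] "GET /pacs/modifyAutopurgeFilter?filter=javascript%3Avoid(0) HTTP/1.1" 200 512',
    '10.0.0.4 - - [01/Jan/2025:10:00:04 +0000] "GET /pacs/viewer?study=123 HTTP/1.1" 200 4096',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')
# The two indicators the advisory names: a script tag or a javascript: URL.
XSS_RE = re.compile(r"<\s*script|javascript\s*:", re.IGNORECASE)
VULN_ENDPOINT = "modifyAutopurgeFilter"  # assumed path component; adjust to your deployment


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded payloads are not missed."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_line(line: str):
    """Return (client_ip, parameter, decoded_value) for a suspicious request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.endswith(VULN_ENDPOINT):
        return None
    for name, raw in parse_qsl(url.query, keep_blank_values=True):
        value = fully_decode(raw)  # parse_qsl already decoded once
        if XSS_RE.search(value):
            return line.split(" ", 1)[0], name, value
    return None


def scan_log(lines):
    """Scan an iterable of access-log lines and return every hit."""
    return [hit for hit in map(scan_line, lines) if hit]


if __name__ == "__main__":
    for ip, param, value in scan_log(SAMPLE_LOG):
        print(f"ALERT {ip}: parameter {param!r} carries {value!r}")
```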
