CVE-2025-54817 – A reflected cross-site scripting vulnerability ... (How to Fix)

Q: What is the severity of CVE-2025-54817?

CVE-2025-54817 has a CVSS score of 6.1 (MEDIUM). A reflected cross-site scripting vulnerability in MedDream PACS Premium allows attackers to execute arbitrary JavaScript code by tricking users into clicking malicious URLs. This affects MedDream PACS Premium 7.3.6.870 installations, potentially compromising user sessions and data.

📋 TL;DR

A reflected cross-site scripting vulnerability in MedDream PACS Premium allows attackers to execute arbitrary JavaScript code by tricking users into clicking malicious URLs. This affects MedDream PACS Premium 7.3.6.870 installations, potentially compromising user sessions and data.

💻 Affected Systems

Products:

MedDream PACS Premium

Versions: 7.3.6.870

Operating Systems: All platforms running MedDream PACS Premium

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability is in the autoPurge functionality and requires user interaction via malicious URLs.

📦 What is this software?

Pacs Server by Meddream

View all CVEs affecting Pacs Server →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers steal session cookies, perform actions as authenticated users, redirect to phishing sites, or install malware via drive-by downloads.

🟠

Likely Case

Session hijacking leading to unauthorized access to medical imaging data and patient information.

🟢

If Mitigated

Limited impact if proper input validation and output encoding are implemented, though some user interaction is still required.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires user interaction but is technically simple once the malicious URL is crafted.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

Contact MedDream vendor for patch information. Monitor vendor security advisories for updates.

🔧 Temporary Workarounds

Implement WAF Rules

all

Configure web application firewall to block XSS payloads in URL parameters

Input Validation Filter

all

Add server-side validation to sanitize autoPurge parameter inputs

🧯 If You Can't Patch

Implement Content Security Policy (CSP) headers to restrict script execution
Deploy network segmentation to isolate MedDream PACS from internet access

🔍 How to Verify

Check if Vulnerable:

Test with XSS payloads in autoPurge parameter: /path?autoPurge=<script>alert('XSS')</script>

Check Version:

Check MedDream PACS version in administration interface or configuration files

Verify Fix Applied:

Verify that script tags in autoPurge parameter are properly sanitized or blocked

📡 Detection & Monitoring

Log Indicators:

HTTP requests containing script tags or JavaScript in autoPurge parameter
Unusual URL patterns with encoded payloads

Network Indicators:

Malicious URLs being shared via email or messaging
Traffic patterns showing XSS payload delivery

SIEM Query:

source="web_logs" AND (uri="*autoPurge=*script*" OR uri="*autoPurge=*javascript:*")

📊 Metadata

CVE ID: CVE-2025-54817

CVSS v3 Score: 6.1 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE: CWE-79

EPSS Score: 0.04% exploit probability (10.4th percentile)

Published: January 20, 2026

Last Updated: January 29, 2026

🔗 References

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2253 Exploit,Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2253 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-54817, you might also want to check these: