CVE-2025-57786

6.1 MEDIUM

📋 TL;DR

A reflected cross-site scripting vulnerability in MedDream PACS Premium allows attackers to execute arbitrary JavaScript code by tricking users into clicking a malicious URL. This affects MedDream PACS Premium version 7.3.6.870, potentially compromising user sessions and data. Healthcare organizations using this medical imaging software are at risk.

💻 Affected Systems

Products:
  • MedDream PACS Premium
Versions: 7.3.6.870
Operating Systems: All platforms running MedDream PACS Premium
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the notifynewstudy functionality. Requires user interaction (clicking malicious link).

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attacker steals authenticated sessions, accesses sensitive medical imaging data, performs actions as authenticated users, and potentially pivots to other systems.

🟠 Likely Case: Attacker steals session cookies to impersonate users, accesses patient medical records, and modifies or deletes medical imaging data.

🟢 If Mitigated: Limited to session hijacking of users who click malicious links, with proper input validation and output encoding preventing exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires crafting a malicious URL carrying a JavaScript payload and social engineering to get a user to click it.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2269

Restart Required: No

Instructions:

1. Monitor the vendor for a security update.
2. Apply the patch when available.
3. Test in a non-production environment first.

🔧 Temporary Workarounds

Input Validation and Output Encoding (all platforms)

Implement proper input validation and output encoding for the notifynewstudy parameter:
  • Implement server-side validation of the notifynewstudy parameter
  • Apply HTML entity encoding to user-controlled output

Content Security Policy (all platforms)

Implement a strict Content Security Policy to mitigate XSS impact:
  • Add a Content-Security-Policy header with script-src 'self'

🧯 If You Can't Patch

  • Implement web application firewall with XSS protection rules
  • Restrict access to MedDream PACS to trusted networks only

🔍 How to Verify

Check if Vulnerable:

Test notifynewstudy parameter with XSS payload: <script>alert('XSS')</script>

Check Version:

Check MedDream PACS version in administration interface or configuration files

Verify Fix Applied:

Verify XSS payload no longer executes and is properly encoded in output

📡 Detection & Monitoring

Log Indicators:

  • Unusually long URLs containing script tags in access logs
  • Multiple failed XSS attempts

Network Indicators:

  • HTTP requests with script tags in notifynewstudy parameter
  • Unusual outbound connections after XSS payload execution

SIEM Query:

source="web_logs" AND ("notifynewstudy" AND ("script" OR "javascript:" OR "onerror=" OR "onload="))
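As an added defender-side example (not part of this advisory or of MedDream), the following Python script applies the SIEM logic above to raw access-log lines and URL-decodes the notifynewstudy query values first, so that a URL-encoded or double-encoded payload is not missed by a plain string match. The log format, request paths and log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote
# Markers from the advisory's SIEM query; bare "script" is tightened to "<script"
# so words such as "description" do not trip the detector.
XSS_MARKERS = ("<script", "javascript:", "onerror=", "onload=")
# Combined access-log line (Apache/nginx style); only client IP and request target are used.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" \d{3}')
# Constructed sample lines, not real MedDream traffic; the paths are assumed.
# Line 1 carries the advisory's test payload URL-encoded once, line 3 the same payload
# encoded twice, which a plain string match for "script" on raw log text misses.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Sep/2025:10:01:02 +0000] "GET /pacs/index.php?notifynewstudy=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E HTTP/1.1" 200 512
10.0.0.7 - - [12/Sep/2025:10:02:10 +0000] "GET /pacs/index.php?notifynewstudy=1.2.840.113619.2.55.3.1 HTTP/1.1" 200 4096
10.0.0.9 - - [12/Sep/2025:10:03:44 +0000] "GET /pacs/index.php?notifynewstudy=%253Cscript%253Ealert%2528%2527XSS%2527%2529%253C%252Fscript%253E HTTP/1.1" 200 512
10.0.0.3 - - [12/Sep/2025:10:04:01 +0000] "GET /pacs/viewer.php?study=description HTTP/1.1" 200 1024
"""

def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly (bounded) so double-encoded values are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_request(target):
    """Return the XSS markers found in decoded query values of a request that touches
    notifynewstudy (as path segment or parameter name), or [] when none are present."""
    parts = urlsplit(target)
    if "notifynewstudy" not in (parts.path + "?" + parts.query).lower():
        return []
    hits = []
    for values in parse_qs(parts.query, keep_blank_values=True).values():
        for value in values:  # parse_qs has already removed one encoding layer
            decoded = decode_fully(value).lower()
            for marker in XSS_MARKERS:
                if marker in decoded and marker not in hits:
                    hits.append(marker)
    return hits

def scan_log(lines):
    """Return one record per access-log request whose notifynewstudy query carries a marker."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and (hits := scan_request(m.group("target"))):
            findings.append({"ip": m.group("ip"), "target": m.group("target"), "hits": hits})
    return findings
```

Run `scan_log(SAMPLE_LOG.splitlines())` to see the two flagged requests; the double-encoded one on line 3 is only caught because the values are decoded before matching.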
