CVE-2025-58080

6.1 MEDIUM

📋 TL;DR

A reflected cross-site scripting vulnerability in MedDream PACS Premium allows attackers to execute arbitrary JavaScript code by tricking users into clicking malicious URLs. This affects healthcare organizations using the vulnerable version of the medical imaging software. Attackers can steal session cookies, redirect users, or perform actions on their behalf.

💻 Affected Systems

Products:
  • MedDream PACS Premium
Versions: 7.3.6.870
Operating Systems: All platforms running the vulnerable software
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the modifyHL7App functionality. Requires user interaction (clicking malicious link).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete account takeover, patient data theft, manipulation of medical records, or ransomware deployment through session hijacking.

🟠 Likely Case

Session hijacking leading to unauthorized access to patient data, credential theft, or defacement of the application interface.

🟢 If Mitigated

Limited impact due to proper input validation, content security policies, and user awareness training preventing successful exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Reflected XSS requires user interaction but is trivial to exploit once a malicious URL has been crafted.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Monitor the vendor website for security updates.
2. Apply the patch when it becomes available.
3. Test in a non-production environment first.

🔧 Temporary Workarounds

Implement Content Security Policy
Applies to: all platforms
Add CSP headers to restrict the origins from which scripts may be loaded and executed.
Add the header Content-Security-Policy: default-src 'self'; script-src 'self' to the web server configuration.

Input Validation Filter
Applies to: all platforms
Add server-side input validation for the modifyHL7App parameters.
Implement proper HTML encoding/escaping for all user-supplied input reflected by the modifyHL7App endpoint.
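The CSP workaround is only effective if the directive that governs scripts, script-src or, when it is absent, default-src, actually excludes inline scripts and arbitrary origins. The following Python function is an added example written for this page, not code from the page or from MedDream: it parses a Content-Security-Policy header value and reports the weaknesses that would let a reflected payload still run. The default-src fallback and the rule that browsers ignore 'unsafe-inline' once a nonce or hash source is present follow the CSP specification. Retrieving the header from the running application is left to the caller.

```python
# Added example: static check of a Content-Security-Policy header value.
# Pure standard library; the header strings in the test block are constructed.

UNSAFE_ANY_ORIGIN = ("*", "http:", "https:", "data:")
NONCE_OR_HASH_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header_value):
    """Split a CSP header into {directive: [sources]}; directive names are case-insensitive."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.strip().split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def effective_script_sources(policy):
    """script-src governs scripts; when it is absent CSP falls back to default-src."""
    if "script-src" in policy:
        return policy["script-src"]
    return policy.get("default-src")


def check_script_policy(header_value):
    """Return a list of weaknesses; an empty list means scripts are confined to allow-listed origins."""
    findings = []
    sources = effective_script_sources(parse_csp(header_value))
    if sources is None:
        return ["no script-src or default-src directive: script execution is unrestricted"]

    lowered = [s.lower() for s in sources]
    has_nonce_or_hash = any(s.startswith(NONCE_OR_HASH_PREFIXES) for s in lowered)
    # 'unsafe-inline' re-enables injected inline <script> blocks unless a nonce
    # or hash source is also present, in which case conforming browsers ignore it.
    if "'unsafe-inline'" in lowered and not has_nonce_or_hash:
        findings.append("'unsafe-inline' permits injected inline scripts")
    for src in lowered:
        if src in UNSAFE_ANY_ORIGIN:
            findings.append(f"source {src} allows scripts outside an allow-listed origin")
    return findings


if __name__ == "__main__":
    # The exact header value recommended in the workaround above.
    print(check_script_policy("default-src 'self'; script-src 'self'"))
```

Stage any new policy with Content-Security-Policy-Report-Only before enforcing it: `default-src 'self'; script-src 'self'` also blocks inline scripts that the application itself may rely on, and the report-only mode shows those violations without breaking the interface.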

🧯 If You Can't Patch

  • Implement web application firewall with XSS protection rules
  • Disable modifyHL7App functionality if not required

🔍 How to Verify

Check if Vulnerable:

Test the modifyHL7App endpoint with XSS payloads like <script>alert('test')</script> in URL parameters

Check Version:

Check application version in admin interface or configuration files

Verify Fix Applied:

Verify that XSS payloads are properly sanitized and do not execute in the browser

📡 Detection & Monitoring

Log Indicators:

  • Unusual parameter values in modifyHL7App requests
  • Script tags or JavaScript code in URL parameters

Network Indicators:

  • HTTP requests with suspicious parameters to modifyHL7App endpoint

SIEM Query:

source="web_logs" AND uri="*modifyHL7App*" AND (param="*<script>*" OR param="*javascript:*")
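The SIEM query above matches a literal `<script>` or `javascript:` in a parameter, which in a raw access log usually appears percent-encoded (and sometimes double-encoded), so the literal match alone would miss it. The following Python scanner is an added example written for this page, not code from the page or from MedDream: it runs over constructed access-log lines in combined-log format (the request path and parameter names are assumptions), repeatedly percent-decodes each query parameter of requests to modifyHL7App, and flags the two indicators the page lists, case-insensitively.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (not real MedDream logs); the path and
# parameter names around modifyHL7App are assumptions for illustration.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Sep/2025:10:00:01 +0000] "GET /modifyHL7App?id=12&name=Radiology HTTP/1.1" 200 512
10.0.0.6 - - [01/Sep/2025:10:00:02 +0000] "GET /modifyHL7App?id=12&name=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 640
10.0.0.7 - - [01/Sep/2025:10:00:03 +0000] "GET /modifyHL7App?id=%253Cscript%253E HTTP/1.1" 200 640
10.0.0.8 - - [01/Sep/2025:10:00:04 +0000] "GET /modifyHL7App?return=JAVASCRIPT:alert(1) HTTP/1.1" 302 0
10.0.0.9 - - [01/Sep/2025:10:00:05 +0000] "GET /viewer?study=1&name=%3Cscript%3E HTTP/1.1" 200 100
10.0.0.10 - - [01/Sep/2025:10:00:06 +0000] "GET /modifyHL7App?id=7&name=<b>bold</b> HTTP/1.1" 200 100
"""

# Request line inside the quotes of a combined-format log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# The two indicators the page lists: a script tag or a javascript: scheme.
XSS_RE = re.compile(r"<\s*script\b|javascript\s*:", re.IGNORECASE)


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(target):
    """Return (param, decoded_value) pairs whose value matches an XSS indicator."""
    hits = []
    # parse_qsl already decodes one layer; fully_decode handles the rest.
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        decoded = fully_decode(raw)
        if XSS_RE.search(decoded):
            hits.append((name, decoded))
    return hits


def scan_log(text, endpoint="modifyHL7App"):
    """Alert on requests to the endpoint whose parameters carry an XSS indicator."""
    alerts = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = m.group("target")
        if endpoint.lower() not in urlsplit(target).path.lower():
            continue  # only the vulnerable endpoint is in scope
        hits = suspicious_params(target)
        if hits:
            client = line.split(" ", 1)[0]
            alerts.append({"client": client, "target": target, "params": hits})
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert["client"], alert["params"])
```

Plain HTML markup such as `<b>` in a parameter is deliberately not flagged, which keeps the rule low-noise; payloads hidden behind HTML entities or other encodings are outside what this check normalises and would need a broader decoder.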
