CVE-2025-58091

6.1 MEDIUM

📋 TL;DR

Multiple reflected cross-site scripting (XSS) vulnerabilities in MedDream PACS Premium allow an attacker to run arbitrary JavaScript in a victim's browser, in the context of the PACS web application, via specially crafted URLs targeting the thumbnaildir parameter. MedDream PACS Premium 7.3.6.870 is affected; a user who opens a malicious link can have their session hijacked or their credentials captured by the injected script.

💻 Affected Systems

Products:
  • MedDream PACS Premium
Versions: 7.3.6.870
Operating Systems: All platforms running MedDream PACS
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability lies in the config.php functionality, specifically in the handling of the thumbnaildir parameter, which is reflected into the response without adequate output encoding.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker lures an administrator into opening a crafted link; the injected script runs with the administrator's session, lets the attacker act as that administrator or capture their credentials, and from there reach patient imaging data, compromising its confidentiality and integrity.

🟠

Likely Case

An attacker hijacks a logged-in user's session (for example by exfiltrating the authentication cookie, if it is not marked HttpOnly) or drives the victim's browser to perform unauthorized actions within the PACS system.

🟢

If Mitigated

With proper input validation and context-aware output encoding in place, the reflected value is rendered as text and no script runs; residual impact is limited to the individual user who opened the link.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The attacker needs no account on the PACS: the crafted URL is delivered to a victim (phishing e-mail, link on another site) and the script executes with whatever session that victim holds. Exploitation therefore requires user interaction, but not authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2271

Restart Required: No

Instructions:

1. Contact MedDream for patch availability (the Talos report linked above tracks the vendor response).
2. Apply the vendor-provided security update.
3. Verify the fix by retesting the thumbnaildir parameter (see "How to Verify" below).

🔧 Temporary Workarounds

Input Validation Filter (applies to: all platforms)

Validate the thumbnaildir parameter server-side and encode it on output.

In config.php, reject values containing characters a directory path never needs (such as <, >, ", ' and ;), and pass the value through htmlspecialchars($value, ENT_QUOTES, 'UTF-8') (or an equivalent context-aware encoder) wherever it is written into HTML. Encoding at the point of output is what actually prevents the script from running; a bare htmlspecialchars() call is only sufficient when the value lands in element content or a double-quoted attribute, not inside a single-quoted attribute or a JavaScript block.

Content Security Policy (applies to: all platforms)

Send a CSP header that forbids inline script so a reflected payload cannot execute.

Add Content-Security-Policy: script-src 'self' to the web server configuration. This blocks inline <script> blocks and on* event handlers, but it also breaks any inline JavaScript the PACS interface legitimately uses, so test it against the application first; a policy that includes 'unsafe-inline' gives no protection against this vulnerability.

🧯 If You Can't Patch

  • Put the application behind a web application firewall with XSS rules, and make sure the rules inspect URL-decoded (including double-encoded) parameter values; signatures that match only a literal <script> are trivially bypassed.
  • Restrict access to the config.php functionality to trusted IP addresses. This only narrows who can load the page: a trusted user who opens a malicious link is still exploited, so it reduces exposure rather than removing it.

🔍 How to Verify

Check if Vulnerable:

Request config.php with a test value in the thumbnaildir parameter, for example "><img src=x onerror=alert(1)> or <script>alert('test')</script>, and check whether the script executes. Also view the response source: if the test value appears verbatim, with < and " unencoded, the page is vulnerable even if a browser-side blocker suppressed the alert.

Check Version:

Check the MedDream version in the admin interface or configuration files; 7.3.6.870 is the version reported as affected.

Verify Fix Applied:

Retest with the same payloads after patching or applying a workaround, and confirm that the value is reflected encoded (or rejected) and that no script executes.
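As an added example (not code from this page, from MedDream or from Talos), the following Python script performs the check described under "Check if Vulnerable" and "Verify Fix Applied": it sends a probe with a unique marker and classifies the response by inspecting its source rather than waiting for an alert. The endpoint https://pacs.example/config.php is a placeholder, since the page gives only the file name; substitute the real path of your installation. Run it before and after applying the fix and the result should move from vulnerable to reflected-encoded or not-reflected.

```python
import secrets
import urllib.parse
import urllib.request

# Hypothetical endpoint: the page only says the flaw is in "config.php";
# substitute the real path of your MedDream PACS Premium install.
BASE_URL = "https://pacs.example/config.php"


def build_probe(base_url, marker):
    """Return (url, payload) for a tag-breaking probe that carries a unique marker.

    The payload closes a double-quoted attribute and injects an <img> tag, so it
    covers both element-content and attribute reflection contexts.
    """
    payload = f'"><img src=x onerror="{marker}">'
    query = urllib.parse.urlencode({"thumbnaildir": payload})
    return f"{base_url}?{query}", payload


def classify_reflection(body, payload, marker):
    """Classify how the response reflects the probe.

    vulnerable         - payload appears verbatim: < > " were not encoded
    reflected-encoded  - marker is present but the tag characters were altered
                         (e.g. &lt;img ... &gt;); review the context by hand
    not-reflected      - the value does not appear in the response at all
    """
    if payload in body:
        return "vulnerable"
    if marker in body:
        return "reflected-encoded"
    return "not-reflected"


def probe(base_url=BASE_URL, timeout=10):
    """Send the probe and classify the live response (network access required)."""
    marker = "xss" + secrets.token_hex(4)
    url, payload = build_probe(base_url, marker)
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        body = resp.read().decode("utf-8", errors="replace")
    return classify_reflection(body, payload, marker)


if __name__ == "__main__":
    print(probe())
```

Use a fresh marker on every run so a cached or previously seeded page cannot produce a false positive, and test each place the value is rendered; a reflected-encoded result inside a JavaScript block or a single-quoted attribute may still be exploitable and deserves manual review.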

📡 Detection & Monitoring

Log Indicators:

  • GET requests to config.php whose thumbnaildir parameter contains HTML tags, event-handler attributes (onerror=, onload=) or javascript: URIs, in raw or URL-encoded form
  • Repeated requests from one source cycling through payload variants against config.php (fuzzing or filter-bypass attempts)

Network Indicators:

  • HTTP requests carrying script tags, event handlers or JavaScript code in URL query parameters, including URL-encoded variants such as %3Cscript%3E

SIEM Query:

source="web_logs" AND uri="*config.php*" AND (thumbnaildir="*<script*" OR thumbnaildir="*%3Cscript*" OR thumbnaildir="*javascript:*" OR thumbnaildir="*onerror=*")

This matches literal and once-URL-encoded payloads only. If the SIEM stores the raw request line, URL-decode the query string before matching, otherwise encoded and double-encoded probes will be missed.
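To show the normalisation the SIEM query above cannot do by itself, here is an added Python example (not from the page, MedDream or Talos) that parses combined-format access logs, URL-decodes the thumbnaildir value up to twice to unmask double-encoded probes, and flags tag, event-handler and javascript: patterns. The log lines are constructed for the example, and the /config.php path is an assumption about where the vulnerable functionality is served.

```python
import re
import urllib.parse

# Constructed sample lines in Apache/nginx combined format (not real traffic).
# Line 2 carries a URL-encoded tag-breaking payload, line 3 a double-encoded one.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2025:10:01:02 +0000] "GET /config.php?thumbnaildir=%2Fdata%2Fthumbs HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2025:10:01:09 +0000] "GET /config.php?thumbnaildir=%22%3E%3Cimg+src%3Dx+onerror%3Dalert(1)%3E HTTP/1.1" 200 611 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2025:10:02:15 +0000] "GET /config.php?thumbnaildir=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 590 "-" "curl/8.4"
203.0.113.5 - - [10/Oct/2025:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Tag opener, javascript: URI, or an on* event-handler attribute.
XSS_PAT = re.compile(r'<\s*[a-z!/]|javascript\s*:|\bon[a-z]+\s*=', re.IGNORECASE)

# Assumed path of the vulnerable endpoint; adjust to the real deployment.
TARGET_PATH = "/config.php"


def decode_times(value, n=2):
    """URL-decode up to n times, stopping early once decoding changes nothing."""
    for _ in range(n):
        decoded = urllib.parse.unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_xss_probes(log_text):
    """Return one record per request whose thumbnaildir value looks like an XSS probe."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path, _, query = m.group("target").partition("?")
        if not path.endswith(TARGET_PATH):
            continue
        # parse_qs already decodes once; decode_times handles double encoding.
        params = urllib.parse.parse_qs(query, keep_blank_values=True)
        for raw in params.get("thumbnaildir", []):
            value = decode_times(raw)
            if XSS_PAT.search(value):
                hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                             "status": m.group("status"), "value": value})
    return hits


if __name__ == "__main__":
    for hit in find_xss_probes(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} -> {hit['value']!r}")
```

The benign request on the first line (a plain directory path) is not flagged, while both encoded probes are; a 200 status on a flagged request means the payload reached the page, which is what distinguishes a successful reflection attempt from one blocked by a WAF.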
