CVE-2025-58094

6.1 MEDIUM

📋 TL;DR

This vulnerability is a cross-site scripting (XSS) flaw: an attacker who gets an authenticated user to open a specially crafted URL for the config.php functionality in MedDream PACS Premium can execute arbitrary JavaScript in that user's browser. It affects healthcare organizations running this medical imaging software and can expose patient data and undermine system integrity. Exploitation requires user interaction, since the victim must be tricked into following the malicious link.

💻 Affected Systems

Products:
  • MedDream PACS Premium
Versions: 7.3.6.870
Operating Systems: All platforms running MedDream PACS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the worklistsrc parameter in config.php functionality

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through session hijacking, credential theft, and installation of persistent malware, leading to exfiltration of sensitive medical records.

🟠 Likely Case

Session hijacking allowing unauthorized access to patient medical images and records, potentially leading to data manipulation or theft.

🟢 If Mitigated

Limited impact with proper input validation and output encoding, potentially only causing temporary disruption.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires user interaction (the victim must click a malicious link), but exploitation is straightforward once the URL is crafted.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2271

Restart Required: No

Instructions:

1. Contact MedDream vendor for patch availability
2. Apply vendor-provided security update
3. Test in non-production environment first
4. Deploy to production systems

🔧 Temporary Workarounds

Input Validation Filter (applies to: all platforms)

Implement server-side input validation and sanitization for the worklistsrc parameter in config.php so that the value is never reflected into the page unencoded.

Content Security Policy (applies to: all platforms)

Implement a strict Content-Security-Policy header to limit script execution, for example: Content-Security-Policy: script-src 'self'

A policy without 'unsafe-inline' also blocks the application's own inline scripts, so test it against the MedDream UI before enforcing it; rolling it out first as Content-Security-Policy-Report-Only shows what would be blocked without breaking anything.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block malicious parameter values
  • Restrict access to config.php functionality to trusted IP addresses only

🔍 How to Verify

Check if Vulnerable:

Test, in a non-production instance, by submitting JavaScript payloads in the worklistsrc parameter of config.php URLs and checking whether they are reflected into the page and executed.

Check Version:

Check MedDream PACS version in administration interface or configuration files

Verify Fix Applied:

Verify that JavaScript payloads in worklistsrc parameter are properly sanitized and do not execute

📡 Detection & Monitoring

Log Indicators:

  • Unusual parameter values in config.php access logs
  • JavaScript code patterns in URL parameters

Network Indicators:

  • HTTP requests with suspicious script tags in worklistsrc parameter
  • Repeated requests carrying XSS-style payloads from the same client, including variants that differ only in encoding

SIEM Query:

source="web_logs" AND uri="*config.php*" AND param="*worklistsrc*" AND (value="*<script>*" OR value="*javascript:*")
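The SIEM query above matches the literal strings <script> and javascript:, but web servers log the request line as sent, so the same markers usually appear percent-encoded (%3Cscript%3E) or even double-encoded and slip past a literal match. The following Python scanner, an added example that is not part of this advisory, applies the same two markers to combined-format access-log lines after fully decoding the worklistsrc value; the log lines are constructed samples and the application path is assumed.

```python
import re
from urllib.parse import parse_qs, unquote

# Apache/nginx "combined" access-log format (client IP, timestamp, request line, status).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<uri>\S+) \S+" (?P<status>\d{3})'
)
# Markers from the advisory's SIEM query, matched case-insensitively after decoding.
XSS_MARKERS = re.compile(r'<\s*script|javascript\s*:', re.IGNORECASE)

# Constructed sample: a benign request, a literal and a double-encoded marker, and a non-config.php page.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Sep/2025:09:12:01 +0000] "GET /config.php?worklistsrc=worklist1 HTTP/1.1" 200 512',
    '10.0.0.7 - - [10/Sep/2025:09:13:44 +0000] "GET /config.php?worklistsrc=%3Cscript%3E HTTP/1.1" 200 512',
    '10.0.0.7 - - [10/Sep/2025:09:13:50 +0000] "GET /config.php?worklistsrc=%253Cscript%253E HTTP/1.1" 200 512',
    '10.0.0.9 - - [10/Sep/2025:09:14:02 +0000] "GET /viewer.php?worklistsrc=%3Cscript%3E HTTP/1.1" 200 512',
]

def decode_fully(value, rounds=3):
    # parse_qs decodes once; loop so double-encoded values (%253C -> %3C -> <) are seen in the clear.
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_request(uri):
    """Return the decoded worklistsrc value if it carries an XSS marker, else None."""
    path, _, query = uri.partition('?')
    if not path.lower().endswith('config.php'):
        return None
    for value in parse_qs(query, keep_blank_values=True).get('worklistsrc', []):
        value = decode_fully(value)
        if XSS_MARKERS.search(value):
            return value
    return None

def scan_log(lines):
    """Return (client_ip, timestamp, decoded_value) for every flagged request line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            value = flag_request(m.group('uri'))
            if value is not None:
                hits.append((m.group('ip'), m.group('ts'), value))
    return hits
```

Running scan_log(SAMPLE_LOG) flags only the two requests from 10.0.0.7; the request to viewer.php is ignored because the advisory scopes the issue to config.php.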
