CVE-2025-36556
BaseFortify
Publication date: 2026-01-20
Last updated on: 2026-01-29
Assigner: Talos
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| meddream | pacs_server | 7.3.6.870 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-36556 is a reflected cross-site scripting (XSS) vulnerability in the ldapUser functionality of MedDream PACS Premium version 7.3.6.870. It occurs because the 'status' parameter in the URL query string is directly included in the HTML response without any sanitization or encoding. An attacker can craft a malicious URL containing arbitrary JavaScript code in this parameter. When a victim clicks this URL, the malicious script executes in their browser, potentially leading to unauthorized actions or data exposure. [1]
How can this vulnerability impact me?
This vulnerability can allow an attacker to execute arbitrary JavaScript code in the context of a victim's browser when they access a specially crafted URL. This can lead to theft of sensitive information, session hijacking, or manipulation of the web interface. Since MedDream PACS handles medical images and related data, exploitation could compromise confidentiality and integrity of sensitive medical information. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted HTTP GET requests to the ldapUser.php script with a malicious 'status' parameter and observing if the response reflects the injected script without sanitization. For example, you can use curl to test the vulnerability: curl -i "http://<target-ip>/Pacs/ldapUser.php?status=%3Cscript%3Ealert(1)%3C/script%3E" and check if the response HTML contains the injected <script>alert(1)</script> tag. If the script is reflected and executed in a browser, the vulnerability exists. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the vendor's patch released on December 5, 2025, which fixes the improper input sanitization in the ldapUser.php script. Until the patch is applied, restrict access to the vulnerable ldapUser.php endpoint, implement web application firewall (WAF) rules to block requests containing suspicious script tags in the 'status' parameter, and educate users to avoid clicking on untrusted URLs that may exploit this vulnerability. [1]
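For the detection and WAF-rule points above, an added example (not BaseFortify's or MedDream's code) that scans web-server access logs for ldapUser.php requests whose 'status' parameter carries markup, decoding repeatedly so a double-encoded value is not missed, plus a `render_status` function showing one standard way to HTML-encode the parameter on output. The log format, the log lines and `render_status` are constructed assumptions; the page does not say how the vendor patch encodes the value.

```python
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (not from the advisory); the third one
# double-encodes its payload to show why a single decode pass is not enough.
SAMPLE_LOG = """\
10.0.0.5 - - [20/Jan/2026:10:01:02 +0000] "GET /Pacs/ldapUser.php?status=ok HTTP/1.1" 200 512
10.0.0.9 - - [20/Jan/2026:10:01:07 +0000] "GET /Pacs/ldapUser.php?status=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 640
10.0.0.9 - - [20/Jan/2026:10:01:09 +0000] "GET /Pacs/ldapUser.php?status=%253Cimg%2520src%3Dx%2520onerror%3Dalert(1)%253E HTTP/1.1" 200 640
10.0.0.7 - - [20/Jan/2026:10:02:00 +0000] "GET /Pacs/index.php?status=%3Cb%3E HTTP/1.1" 200 100
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Markup that has no business in a status message: tags, script URLs, event handlers.
SUSPICIOUS_RE = re.compile(r"<|javascript:|\bon\w+\s*=", re.IGNORECASE)

def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly so %253C (double-encoded '<') is still caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_suspicious_status(log_text: str) -> list:
    """Return (client_ip, decoded_status) for ldapUser.php requests whose
    'status' parameter contains markup, i.e. the shape of a CWE-79 probe."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        parts = urlsplit(match.group("target"))
        if not parts.path.lower().endswith("/pacs/ldapuser.php"):
            continue
        # parse_qs decodes once; fully_decode handles any further layers.
        for raw in parse_qs(parts.query, keep_blank_values=True).get("status", []):
            decoded = fully_decode(raw)
            if SUSPICIOUS_RE.search(decoded):
                hits.append((line.split()[0], decoded))
    return hits

def render_status(status: str) -> str:
    """Hardened rendering (assumed template): encode before placing in HTML."""
    return f"<p>Status: {html.escape(status, quote=True)}</p>"
```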
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows arbitrary JavaScript execution via reflected XSS, which can lead to unauthorized access or disclosure of sensitive information in MedDream PACS Premium, a system used for managing medical images. This could potentially impact confidentiality and integrity of protected health information, thereby affecting compliance with regulations such as HIPAA that require safeguarding patient data. However, specific compliance impacts are not detailed in the provided resources. [1]