CVE-2025-54157
BaseFortify
Publication date: 2026-01-20
Last updated on: 2026-01-29
Assigner: Talos
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| meddream | pacs_server | 7.3.6.870 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-54157 is a reflected cross-site scripting (XSS) vulnerability in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. It occurs because the application improperly handles the 'mimetype' parameter in the Pacs/encapsulatedDoc.php script by embedding unsanitized user input directly into the HTML response. An attacker can craft a malicious URL with JavaScript code in the 'mimetype' parameter, which then executes in the victim's browser when the error message is displayed. This requires the attacker to be authenticated and involves user interaction. [1]
How can this vulnerability impact me?
This vulnerability can allow an attacker to execute arbitrary JavaScript code in the context of a victim's browser session after authentication. This can lead to theft of sensitive information, session hijacking, or performing actions on behalf of the user. Although the impact on confidentiality and integrity is rated low, it can still compromise user trust and security within the MedDream PACS environment. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a crafted HTTP GET request to the vulnerable endpoint and checking the response for the reflected script tag. For example, run `curl -i "http://<target>/Pacs/encapsulatedDoc.php?mimetype=<script>alert(1)</script>"` and check whether the HTML output contains the injected script, such as `<h2><font color=red>Unknown MIMETYPE: <script>alert(1)</script></font></h2>`. Detection requires authentication, so make sure the request is authenticated before testing. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the vendor-released patch available since December 5, 2025. Until the patch is applied, restrict access to the vulnerable functionality to trusted users only, monitor for suspicious requests containing script tags in the mimetype parameter, and educate users about the risk of clicking on untrusted URLs. Additionally, consider implementing web application firewall (WAF) rules to block requests with suspicious mimetype parameter values. [1]
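The monitoring step above can be run over web server access logs. The following Python code is an added example, not code from this page, MedDream or Talos: it flags requests to the endpoint whose `mimetype` value is not a plain `type/subtype` token. It assumes Common/Combined Log Format logs; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint named in the advisory; compared case-insensitively (assumption).
ENDPOINT = "/pacs/encapsulateddoc.php"
# A plain "type/subtype" MIME token; any other mimetype value is flagged.
TOKEN = r"[A-Za-z0-9][A-Za-z0-9!#$&^_.+-]{0,126}"
MIME_RE = re.compile(TOKEN + "/" + TOKEN)
# Client address and request target of a Common/Combined Log Format line.
REQ_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_mimetype(target):
    """Return the decoded mimetype value if it is not a MIME token, else None."""
    parts = urlsplit(target)
    if parts.path.lower() != ENDPOINT:
        return None
    # parse_qs percent-decodes each value once, as the server would.
    for value in parse_qs(parts.query).get("mimetype", []):
        if not MIME_RE.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (client, decoded_value) for every flagged log line."""
    hits = []
    for line in lines:
        m = REQ_RE.match(line)
        if m:
            value = suspicious_mimetype(m.group(2))
            if value is not None:
                hits.append((m.group(1), value))
    return hits

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - alice [20/Jan/2026:10:00:01 +0000] "GET /Pacs/encapsulatedDoc.php?mimetype=application/pdf HTTP/1.1" 200 5120',
    '198.51.100.7 - bob [20/Jan/2026:10:02:13 +0000] "GET /Pacs/encapsulatedDoc.php?mimetype=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 310',
    '192.0.2.10 - alice [20/Jan/2026:10:03:00 +0000] "GET /Pacs/login.php?mimetype=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client}\tsuspicious mimetype: {value!r}")
```

The same allowlist test (accept only a `type/subtype` token) is the shape a WAF rule for this parameter would take, rather than a blocklist of script tags.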