CVE-2025-54852
BaseFortify
Publication date: 2026-01-20
Last updated on: 2026-01-29
Assigner: Talos
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| meddream | pacs_server | 7.3.6.870 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-54852 is a reflected cross-site scripting (XSS) vulnerability in the modifyAeTitle functionality of MedDream PACS Premium 7.3.6.870. The vulnerability occurs because the 'title' parameter from a URL query string is directly embedded into the HTML output without proper sanitization. If the 'title' parameter does not match an entry in the database, the application outputs an error message containing the unsanitized 'title' value. An attacker can craft a malicious URL containing JavaScript code in the 'title' parameter, which will then be executed in the victim's browser when they visit the URL. This can happen without any user authentication. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not specify how this reflected XSS vulnerability in MedDream PACS Premium affects compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to execute arbitrary JavaScript code in the context of a victim's browser when they visit a specially crafted URL. This can lead to theft of session cookies, user impersonation, or other malicious actions performed on behalf of the victim. Since the vulnerability is pre-authentication and exploitable over the network, it can be triggered by simply convincing a user to click a malicious link, potentially compromising user data and system integrity. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted HTTP GET requests to the vulnerable endpoint and observing if the response reflects unsanitized input in the HTML output. For example, you can use curl or similar tools to send a request like: curl -i "http://<target>/Pacs/modifyAeTitle.php?title=<script>alert(1)</script>" and check if the response contains the injected script tag. If the script tag appears in the response HTML without sanitization, the system is vulnerable. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the vendor's patch released on December 5, 2025, which fixes the vulnerability by properly sanitizing the 'title' parameter. Until the patch can be applied, you can implement web application firewall (WAF) rules to block requests containing suspicious script tags or other potentially malicious input in the 'title' parameter. Additionally, restricting access to the modifyAeTitle.php endpoint to trusted users or networks can reduce exposure. [1]