Sante Pacs Server
CVE-2025-0572
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability.
The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to write files in the context of the current user. Was ZDI-CAN-25308.
AnalysisAI
Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to write files in the context of the current user. Was ZDI-CAN-25308. Affected products include: Santesoft Sante Pacs Server.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
More in Sante Pacs Server
View allSante PACS Server contains an unauthenticated path traversal vulnerability that allows remote attackers to download arbi
During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the u
Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8),
This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server 3.0.4
Sante PACS Server web portal is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 4.8), this vulner
Sante PACS Server is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.1), this vulnerability is
The Sante PACS Server Web Portal sends credential information without encryption. Rated critical severity (CVSS 9.1), th
The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a deni
Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability. Rated high severity (CVSS 7.5), this vulne
Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. Rated medium severity (CVSS 5
Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. Rated medium severity (
Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. Rated medium severity (
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today