
Sante Pacs Server CVE-2025-2264

Severity: HIGH
Weakness: Path Traversal (CWE-22)
Published: 2025-03-13
Source: vulnreport@tenable.com
CVSS 3.1 base score: 7.5

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline (3 events)

Analysis Generated: Mar 28, 2026 - 18:31 (vuln.today)
PoC Detected: Apr 03, 2025 - 18:19 (vuln.today), public exploit code
CVE Published: Mar 13, 2025 - 17:15 (nvd), severity HIGH 7.5

Description (NVD)

A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed.

Analysis (AI)

Sante PACS Server contains an unauthenticated path traversal vulnerability that allows remote attackers to download arbitrary files from the server's installation drive. Medical imaging servers typically contain DICOM files with protected health information (PHI), making this a significant healthcare data breach vector.

Technical Context (AI)

The web interface of Sante PACS Server.exe improperly handles URL-encoded path traversal sequences. An unauthenticated attacker can send crafted HTTP requests with ../ sequences to read any file on the drive where the application is installed. PACS (Picture Archiving and Communication System) servers store DICOM medical images that contain embedded patient data.

Remediation (AI)

Update Sante PACS Server to a patched version. Never expose PACS servers directly to the internet. Implement network segmentation for medical imaging infrastructure. Deploy a reverse proxy with path traversal filtering. Conduct a PHI breach assessment if exploitation is suspected.
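The technical context above says the flaw is in how URL-encoded traversal sequences are handled, and the remediation suggests filtering such sequences at a reverse proxy. The following Python is an added example, not code from Sante PACS Server or from vuln.today: it shows a hardened file resolver that decodes once, refuses residual percent-encoding, normalizes separators and checks containment under a base directory, plus a small access-log check that flags encoded traversal attempts. The base directory /srv/pacs/www, the log format and every log line are constructed for the example and do not need to exist on disk.

```python
"""Added example (not Sante PACS Server code): a hardened download-path resolver
and an access-log check for URL-encoded path traversal. All paths and log lines
are constructed for this example."""
import os
import re
from typing import List, Optional
from urllib.parse import unquote

# Sequences a proxy filter or log review should treat as traversal attempts:
# raw "..", percent-encoded dots, double-encoded dots, encoded separators,
# backslash separators, and the overlong UTF-8 form of "." (%c0%ae).
_TRAVERSAL_RE = re.compile(
    r"(\.\.[/\\])|(%2e%2e)|(%252e)|(\.\.%2f)|(\.\.%5c)|(%c0%ae)", re.IGNORECASE
)

# Extracts the request path from a common-log-format line (constructed format).
_REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def looks_like_traversal(raw_path: str) -> bool:
    """True if a request path contains a traversal sequence, encoded or not."""
    return bool(_TRAVERSAL_RE.search(raw_path))


def resolve_download_path(base_dir: str, requested: str) -> Optional[str]:
    """Map a user-supplied file name to a real path strictly inside base_dir.

    Returns the absolute path when it is a descendant of base_dir, else None.
    Order matters: decode first, then normalize, then check containment, so
    that an encoded "../" cannot slip past a check done on the raw string.
    """
    decoded = unquote(requested)
    # Anything still percent-encoded after one decode is double encoding;
    # a NUL byte could truncate the path in a native file API.
    if "%" in decoded or "\x00" in decoded:
        return None
    # The server runs on Windows, so treat backslash as a separator as well.
    normalized = decoded.replace("\\", "/")
    if normalized.startswith("/") or re.match(r"^[A-Za-z]:", normalized):
        return None  # absolute path or drive letter: never acceptable input
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, normalized))
    # Containment: the resolved file must sit below base (base itself is not a file).
    if not candidate.startswith(base + os.sep):
        return None
    return candidate


def flag_traversal_requests(log_lines: List[str]) -> List[str]:
    """Return the request paths in access-log lines that carry traversal sequences."""
    hits = []
    for line in log_lines:
        match = _REQ_RE.search(line)
        if match and looks_like_traversal(match.group(1)):
            hits.append(match.group(1))
    return hits


# Constructed sample log lines (documentation-range IPs, invented paths).
SAMPLE_ACCESS_LOG = [
    '203.0.113.5 - - [13/Mar/2025:17:20:01 +0000] "GET /images/study1/scan.dcm HTTP/1.1" 200 4096',
    '203.0.113.9 - - [13/Mar/2025:17:21:14 +0000] "GET /images/..%2f..%2fconfig/server.ini HTTP/1.1" 200 512',
    '203.0.113.9 - - [13/Mar/2025:17:21:30 +0000] "GET /images/%252e%252e/config/server.ini HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    print("legit  :", resolve_download_path("/srv/pacs/www", "study1/scan.dcm"))
    print("encoded:", resolve_download_path("/srv/pacs/www", "..%2f..%2fconfig/server.ini"))
    print("flagged:", flag_traversal_requests(SAMPLE_ACCESS_LOG))
```

The resolver rejects any request that still contains a percent sign after one round of decoding rather than decoding repeatedly; decoding in a loop is the behaviour that lets double-encoded sequences reach the filesystem. The log check is deliberately broad (it matches the encoded forms, not just the literal "../") so that a proxy or SIEM rule built on it catches the URL-encoded variant this advisory describes.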


CVE-2025-2264 vulnerability details – vuln.today
