CVE-2025-2264

Severity: HIGH
Published: 2025-03-13 ([email protected])
CVSS 3.1 base score: 7.5

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline (3 events)

Analysis Generated: Mar 28, 2026 - 18:31 (vuln.today)
PoC Detected: Apr 03, 2025 - 18:19 (vuln.today) - public exploit code
CVE Published: Mar 13, 2025 - 17:15 (nvd) - HIGH 7.5

Description

A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed.

Analysis

Sante PACS Server contains an unauthenticated path traversal vulnerability that allows remote attackers to download arbitrary files from the server's installation drive. Medical imaging servers typically contain DICOM files with protected health information (PHI), making this a significant healthcare data breach vector.

Technical Context

The web interface of Sante PACS Server.exe improperly handles URL-encoded path traversal sequences. An unauthenticated attacker can send crafted HTTP requests with ../ sequences to read any file on the drive where the application is installed. PACS (Picture Archiving and Communication System) servers store DICOM medical images that contain embedded patient data.

Affected Products

Sante PACS Server

Remediation

Update Sante PACS Server to a patched version. Never expose PACS servers directly to the internet. Implement network segmentation for medical imaging infrastructure. Deploy a reverse proxy with path traversal filtering. Conduct a PHI breach assessment if exploitation is suspected.
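The technical context above describes URL-encoded ../ sequences reaching the file handler, and the remediation suggests a reverse proxy that filters them. The following is an added example written for this page, not code from Sante or from vuln.today: it canonicalizes a requested path (repeated percent-decoding to catch double encoding, backslash normalization, lexical resolution of . and .. against an assumed web root) and rejects anything that escapes that root, then runs the same check over a few constructed access-log lines to flag suspicious requests. The web root /srv/pacs/www and the log lines are assumptions made for the example.

```python
import re
from pathlib import PurePosixPath
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Hypothetical document root of the PACS web interface (assumption, not from the advisory).
WEB_ROOT = PurePosixPath("/srv/pacs/www")


def fully_decode(raw: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing, so %252e%252e (double-encoded ..)
    collapses to the same form as a plain ../ segment."""
    current = raw
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            return decoded
        current = decoded
    return current


def resolve_request_path(raw_path: str, web_root: PurePosixPath = WEB_ROOT) -> Optional[PurePosixPath]:
    """Return the canonical path under web_root for a request path, or None if the
    request tries to step outside the root (or carries a NUL byte)."""
    decoded = fully_decode(raw_path).split("?", 1)[0]  # drop any query string
    decoded = decoded.replace("\\", "/")               # treat backslashes as separators
    if "\x00" in decoded:
        return None
    parts: List[str] = []
    for segment in decoded.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            if not parts:
                return None  # '..' with nothing left to pop means escape from the root
            parts.pop()
        else:
            parts.append(segment)
    return web_root.joinpath(*parts)


# Constructed access-log lines for the demonstration; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [13/Mar/2025:17:20:01 +0000] "GET /images/study1.dcm HTTP/1.1" 200 51234
10.0.0.9 - - [13/Mar/2025:17:21:44 +0000] "GET /..%2f..%2fconfig.ini HTTP/1.1" 200 403
10.0.0.9 - - [13/Mar/2025:17:22:10 +0000] "GET /%252e%252e/%252e%252e/config.xml HTTP/1.1" 404 0
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def find_traversal_requests(log_text: str) -> List[Tuple[int, str]]:
    """Return (line number, request path) for every log line whose path would
    escape the web root after canonicalization."""
    hits: List[Tuple[int, str]] = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        if resolve_request_path(match.group(1)) is None:
            hits.append((lineno, match.group(1)))
    return hits


if __name__ == "__main__":
    for lineno, path in find_traversal_requests(SAMPLE_LOG):
        print(f"line {lineno}: traversal attempt {path!r}")
```

The decode-then-normalize order matters: a filter that only looks for the literal string "../" misses %2e%2e%2f, and one that decodes once misses %252e. Checking the canonical result against the root (rather than pattern-matching the raw request) also catches mixed forms such as ..\ or a ./ prefix. Note that the second sample line returned HTTP 200, which is the case the detection logic is there to surface.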

Priority Score: 129 (scale: Low / Medium / High / Critical)

KEV: 0
EPSS: +71.5
CVSS: +38
POC: +20


CVE-2025-2264 vulnerability details – vuln.today
