Sante Pacs Server
CVE-2025-2264
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed.
AnalysisAI
Sante PACS Server contains an unauthenticated path traversal vulnerability that allows remote attackers to download arbitrary files from the server's installation drive. Medical imaging servers typically contain DICOM files with protected health information (PHI), making this a significant healthcare data breach vector.
Technical ContextAI
The web interface of Sante PACS Server.exe improperly handles URL-encoded path traversal sequences. An unauthenticated attacker can send crafted HTTP requests with ../ sequences to read any file on the drive where the application is installed. PACS (Picture Archiving and Communication System) servers store DICOM medical images that contain embedded patient data.
RemediationAI
Update Sante PACS Server to a patched version. Never expose PACS servers directly to the internet. Implement network segmentation for medical imaging infrastructure. Deploy a reverse proxy with path traversal filtering. Conduct a PHI breach assessment if exploitation is suspected.
More in Sante Pacs Server
View allDuring login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the u
Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8),
This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server 3.0.4
Sante PACS Server web portal is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 4.8), this vulner
Sante PACS Server is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.1), this vulnerability is
The Sante PACS Server Web Portal sends credential information without encryption. Rated critical severity (CVSS 9.1), th
The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a deni
Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability. Rated high severity (CVSS 7.5), this vulne
Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. Rated medium severity (CVSS 5
Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. Rated medium sever
Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. Rated medium severity (
Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. Rated medium severity (
Same weakness CWE-22 – Path Traversal
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today