Sante Pacs Server
CVE-2025-53948
HIGH
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required.
AnalysisAI
The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-415. The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required. Affected products include: Santesoft Sante Pacs Server.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Sante Pacs Server
View allSante PACS Server contains an unauthenticated path traversal vulnerability that allows remote attackers to download arbi
During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the u
Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8),
This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server 3.0.4
Sante PACS Server web portal is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 4.8), this vulner
Sante PACS Server is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.1), this vulnerability is
The Sante PACS Server Web Portal sends credential information without encryption. Rated critical severity (CVSS 9.1), th
Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability. Rated high severity (CVSS 7.5), this vulne
Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. Rated medium severity (CVSS 5
Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. Rated medium sever
Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. Rated medium severity (
Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. Rated medium severity (
Same weakness CWE-415 – Double Free
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today