CVE-2025-0573

Medium CVSS: 5.3

Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to write files in the context of the current user. Was ZDI-CAN-25309.

Vendor

Santesoft

Product

Sante Pacs Server

CWE

CWE-22

Yayın Tarihi

2025-01-30 21:15:14

Güncelleme

2025-02-19 19:26:10

Source Identifier

zdi-disclosures@trendmicro.com

KEV Date Added

Kategoriler

CWE-22 Sante Pacs Server MEDIUM Santesoft 2025

Referanslar

https://www.zerodayinitiative.com/advisories/ZDI-25-053/

Benzer Kayıtlar

High

CVE-2026-2034

Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows r…

High

CVE-2025-53948

The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a deni…

Critical

CVE-2025-54156

The Sante PACS Server Web Portal sends credential information without encryption.

Medium

CVE-2025-54759

Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirectin…

Medium

CVE-2025-54862

Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes…

High

CVE-2025-5481

Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allo…