CVE-2025-0574

High CVSS: 7.5

Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the parsing of URLs in the web server module. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-25318.

Vendor

Santesoft

Product

Sante Pacs Server

CWE

CWE-119

Yayın Tarihi

2025-01-30 21:15:14

Güncelleme

2025-02-19 19:15:33

Source Identifier

zdi-disclosures@trendmicro.com

KEV Date Added

Kategoriler

CWE-119 Sante Pacs Server HIGH Santesoft 2025

Referanslar

https://www.zerodayinitiative.com/advisories/ZDI-25-055/

Benzer Kayıtlar

High

CVE-2026-2034

Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows r…

High

CVE-2025-53948

The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a deni…

Critical

CVE-2025-54156

The Sante PACS Server Web Portal sends credential information without encryption.

Medium

CVE-2025-54759

Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirectin…

Medium

CVE-2025-54862

Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes…

High

CVE-2025-5481

Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allo…