CVE-2025-2263

Critical CVSS: 9.8

During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or password is supplied by an unauthenticated remote attacker.

Vendor

Santesoft

Product

Sante Pacs Server

CWE

CWE-121

Yayın Tarihi

2025-03-13 17:15:38

Güncelleme

2025-04-03 18:20:38

Source Identifier

vulnreport@tenable.com

KEV Date Added

Kategoriler

CWE-121 Sante Pacs Server CRITICAL Santesoft 2025

Referanslar

https://www.tenable.com/security/research/tra-2025-08 https://www.tenable.com/security/research/tra-2025-08

Benzer Kayıtlar

High

CVE-2026-2034

Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows r…

High

CVE-2025-53948

The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a deni…

Critical

CVE-2025-54156

The Sante PACS Server Web Portal sends credential information without encryption.

Medium

CVE-2025-54759

Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirectin…

Medium

CVE-2025-54862

Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes…

High

CVE-2025-5481

Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allo…