Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Sante PACS Server

Source -

CNA

CNA CVEs -

8

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
8Vulnerabilities found
CVE-2025-54759
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 7.25%
||
7 Day CHG~0.00%
Published-18 Aug, 2025 | 21:26
Updated-19 Aug, 2025 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Santesoft Sante PACS Server Cross-site Scripting

Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie.

Action-Not Available
Vendor-Santesoft LTD
Product-Sante PACS Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54862
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-4.8||MEDIUM
EPSS-0.03% / 6.59%
||
7 Day CHG~0.00%
Published-18 Aug, 2025 | 21:23
Updated-19 Aug, 2025 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Santesoft Sante PACS Server Cross-site Scripting

Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie.

Action-Not Available
Vendor-Santesoft LTD
Product-Sante PACS Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54156
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.1||CRITICAL
EPSS-0.01% / 1.35%
||
7 Day CHG-0.01%
Published-18 Aug, 2025 | 21:21
Updated-19 Aug, 2025 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Santesoft Sante PACS Server Cleartext Transmission of Sensitive Information

The Sante PACS Server Web Portal sends credential information without encryption.

Action-Not Available
Vendor-Santesoft LTD
Product-Sante PACS Server
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-53948
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.7||HIGH
EPSS-0.23% / 46.17%
||
7 Day CHG+0.04%
Published-18 Aug, 2025 | 21:16
Updated-19 Aug, 2025 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Santesoft Sante PACS Server Double Free

The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required.

Action-Not Available
Vendor-Santesoft LTD
Product-Sante PACS Server
CWE ID-CWE-415
Double Free
CVE-2025-2284
Assigner-Tenable Network Security, Inc.
ShareView Details
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.35%
||
7 Day CHG~0.00%
Published-13 Mar, 2025 | 16:35
Updated-17 Mar, 2025 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Santesoft Sante PACS Server Access of Uninitialized Pointer DoS

A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe".

Action-Not Available
Vendor-Santesoft LTD
Product-Sante PACS Server
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2025-2265
Assigner-Tenable Network Security, Inc.
ShareView Details
Assigner-Tenable Network Security, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.18%
||
7 Day CHG~0.00%
Published-13 Mar, 2025 | 16:33
Updated-17 Mar, 2025 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Santesoft Sante PACS Server HTTP.db SHA1 Hash Truncation

The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte

Action-Not Available
Vendor-Santesoft LTD
Product-Sante PACS Server
CWE ID-CWE-916
Use of Password Hash With Insufficient Computational Effort
CVE-2025-2264
Assigner-Tenable Network Security, Inc.
ShareView Details
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-58.67% / 98.13%
||
7 Day CHG~0.00%
Published-13 Mar, 2025 | 16:29
Updated-03 Apr, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Santesoft Sante PACS Server Path Traversal Information Disclosure

A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed.

Action-Not Available
Vendor-Santesoft LTD
Product-sante_pacs_serverSante PACS Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-2263
Assigner-Tenable Network Security, Inc.
ShareView Details
Assigner-Tenable Network Security, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.24% / 78.42%
||
7 Day CHG~0.00%
Published-13 Mar, 2025 | 16:25
Updated-03 Apr, 2025 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Santesoft Sante PACS Server Stack-based Buffer Overflow

During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or password is supplied by an unauthenticated remote attacker.

Action-Not Available
Vendor-Santesoft LTD
Product-sante_pacs_serverSante PACS Server
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write