Detections
Analytics

Sante PACS Server Path Traversal (CVE-2025-2264)

high Nessus Plugin ID 234076

Language:

Synopsis

A picture archiving and communication system is affected by a path traversal vulnerability.

Description

The Sante PACS Server running on the remote host is affected by a path traversal vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to download arbitrary files on the disk drive where the application is installed.

Note that some versions of Sante PACS Server may be fragile and may terminate during a scan. In such cases, detection may not be performed.

Solution

Upgrade to version 4.2.0 or later.

See Also

https://santesoft.com/win/sante-pacs-server/whats_new.html

Plugin Details

Severity: High

ID: 234076

File Name: sante_pacs_server_cve-2025-2264.nbin

Version: 1.1

Type: remote

Family: CGI abuses

Published: 4/9/2025

Updated: 4/9/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2025-2264

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vulnerability Information

CPE: cpe:/a:santesoft:sante_pacs_server

Required KB Items: installed_sw/Sante PACS Server Web UI

Exploited by Nessus: true

Patch Publication Date: 3/3/2025

Vulnerability Publication Date: 3/13/2025

Reference Information

CVE: CVE-2025-2264