Directory Traversal Vulnerability in Sante PACS Server
CVE-2025-0573

5.3MEDIUM

Key Information:

Vendor: Sante
Status: Pacs Server
Vendor: CVE Published:; 30 January 2025

What is CVE-2025-0573?

The Sante PACS Server has a vulnerability related to DCM file parsing that allows remote attackers to exploit insufficient path validation. This flaw enables attackers to write arbitrary files on affected installations without the need for authentication, thereby compromising the security of the system. This issue arises from the poor handling of user-supplied paths during file operations, making it critical for users to understand the risks and apply necessary mitigations promptly.

Affected Version(s)

PACS Server 4.0.9

References

https://www.zerodayinitiative.com/advisories/ZDI-25-053/

x_research-advisory

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 30, 2025
Vulnerability Reserved
Jan 19, 2025