Memory Corruption Vulnerability in Sante PACS Server by Sante Health
CVE-2025-0574

7.5HIGH

Key Information:

Vendor: Sante
Status: Pacs Server
Vendor: CVE Published:; 30 January 2025

What is CVE-2025-0574?

A vulnerability exists within Sante PACS Server that allows remote attackers to trigger a denial-of-service condition. The flaw arises from improper validation of user-supplied data during URL parsing in the web server module, leading to memory corruption. Attackers can exploit this vulnerability without needing authentication, making it critical for users to secure their installations immediately.

Affected Version(s)

PACS Server 4.0.9

References

https://www.zerodayinitiative.com/advisories/ZDI-25-055/

x_research-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 30, 2025
Vulnerability Reserved
Jan 19, 2025