Denial of Service Vulnerability in Sante PACS Server by Sante Health
CVE-2025-53948

8.7HIGH

Key Information:

Vendor: Santesoft
Status: Sante Pacs Server
Vendor: CVE Published:; 18 August 2025

What is CVE-2025-53948?

The Sante PACS Server is vulnerable to a denial of service attack, which can be exploited by a remote attacker sending specially crafted HL7 messages. This vulnerability allows an attacker to crash the main thread of the application, resulting in a condition where the service becomes unavailable. Recovery from this state requires a manual restart of the application, emphasizing the need for immediate attention to protect against potential disruption to medical services.

Affected Version(s)

Sante PACS Server 0 < 4.2.3

References

https://www.cisa.gov/news-events/ics-medical-advisories/i...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2025
Vulnerability Reserved
Aug 5, 2025

Credit

Chizuru Toyama of TXOne Networks reported these vulnerabilities to CISA.

Santesoft

What is CVE-2025-53948?

Affected Version(s)

References

CVSS V4

Timeline

Credit