Stored Cross-Site Scripting Vulnerability in Sante PACS Server
CVE-2025-54759

5.1MEDIUM

Key Information:

Vendor: Santesoft
Status: Sante Pacs Server
Vendor: CVE Published:; 18 August 2025

What is CVE-2025-54759?

The Sante PACS Server is vulnerable to stored cross-site scripting, which allows attackers to inject malicious HTML code into the system. This vulnerability can redirect users to malicious websites, enabling cookie theft and potential unauthorized access to sensitive information. It is crucial for users to stay informed and implement necessary security measures to protect against such exploitation.

Affected Version(s)

Sante PACS Server 0 < 4.2.3

References

https://www.cisa.gov/news-events/ics-medical-advisories/i...

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2025
Vulnerability Reserved
Aug 5, 2025

Credit

Chizuru Toyama of TXOne Networks reported these vulnerabilities to CISA.