CVE-2025-2264

Published Mar 13, 2025

Last updated 2 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-2264 is a path traversal information disclosure vulnerability that exists in Sante PACS Server.exe. An unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where the application is installed. The vulnerability is due to the product using external input to construct a pathname without properly neutralizing special elements, which can cause the pathname to resolve to a location outside of the restricted directory. Attackers can use special elements like “../” to escape the restricted location and access files elsewhere on the system.
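The CWE-22 pattern described above, next to a containment check, as an added example that is not Sante PACS Server code. The base directory, function names and sample requests are assumptions made for illustration; `ntpath` applies Windows path rules on any OS.

```python
import ntpath                      # Windows path semantics, usable on any OS
from urllib.parse import unquote

BASE_DIR = r"C:\PACS\webroot"      # hypothetical served directory (assumption)

def resolve_naive(base, requested):
    """Vulnerable pattern: join external input to the base, no containment check."""
    return ntpath.normpath(ntpath.join(base, requested))

def resolve_safe(base, requested):
    """Return the normalised path if it stays under base, otherwise None."""
    decoded = unquote(requested)   # assumes the server percent-decodes once
    if "\x00" in decoded:          # reject embedded NUL bytes outright
        return None
    candidate = ntpath.normpath(ntpath.join(base, decoded))
    base_n = ntpath.normcase(ntpath.normpath(base))
    cand_n = ntpath.normcase(candidate)
    try:
        # Component-wise comparison, so "webroot_backup" is not under "webroot".
        inside = ntpath.commonpath([base_n, cand_n]) == base_n
    except ValueError:             # candidate ended up on another drive
        return None
    return candidate if inside else None

# Constructed sample requests (not taken from the advisory).
SAMPLES = [
    "studies/1.dcm",               # ordinary request
    "studies/../index.html",       # dot-dot that stays inside the base
    "../../other/secret.txt",      # "../" escape
    "..%5c..%5cother%5csecret.txt",# same escape, percent-encoded backslashes
    "../webroot_backup/x",         # sibling directory sharing a name prefix
    r"\other\secret.txt",          # rooted path on the same drive
    r"D:\x",                       # absolute path on another drive
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:34} naive={resolve_naive(BASE_DIR, s)!r} "
              f"safe={resolve_safe(BASE_DIR, s)!r}")
```

The check is lexical only: it does not resolve junctions, symlinks or 8.3 short names, so a real server should also canonicalise against the filesystem before comparing.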

Description
A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed.
Source: vulnreport@tenable.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

vulnreport@tenable.com: CWE-22
nvd@nist.gov: CWE-22

Configurations