CVE-2025-0572

Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to write files in the context of the current user. Was ZDI-CAN-25308.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.zerodayinitiative.com/advisories/ZDI-25-054/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:santesoft:sante_pacs_server:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-01-30 21:15

Updated : 2025-02-19 19:27

NVD link : CVE-2025-0572

Mitre link : CVE-2025-0572

CVE.ORG link : CVE-2025-0572

JSON object : View

Products Affected

santesoft

sante_pacs_server

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2025-0572", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-01-30T21:15:14.093", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-054/", "tags": ["Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to write files in the context of the current user. Was ZDI-CAN-25308."}, {"lang": "es", "value": "Vulnerabilidad de escritura arbitraria de archivos en el an\u00e1lisis de archivos Sante PACS Server Web Portal DCM. Esta vulnerabilidad permite a atacantes remotos crear archivos arbitrarios en las instalaciones afectadas de Sante PACS Server. Se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DCM. El problema es el resultado de la falta de validaci\u00f3n adecuada de una ruta proporcionada por el usuario antes de usarla en operaciones con archivos. Un atacante puede aprovechar esta vulnerabilidad para escribir archivos en el contexto del usuario actual. Era ZDI-CAN-25308."}], "lastModified": "2025-02-19T19:27:33.760", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:santesoft:sante_pacs_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37DACC13-644B-4297-8E5A-6054A58CB7D3", "versionEndExcluding": "4.0.10"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}