CVE-2025-0573 is a medium-severity vulnerability found in the SanteSoft Sante PACS Server. This vulnerability allows remote attackers to create arbitrary files on affected installations without requiring authentication. The flaw arises from improper validation of user-supplied paths during the parsing of DCM files.
The lack of proper validation enables attackers to exploit this vulnerability to write files in the context of the current user. The issue has been classified under CWE-22, which pertains to improper restriction of a pathname to a restricted directory ('directory traversal').
The CVSS score for this vulnerability is 5.3, indicating a medium level of severity. Organizations should assess their exposure to this vulnerability and prioritize patching immediately to mitigate potential risks.
As of now, there is no known public exploit for this vulnerability, but the ease of exploitation due to the lack of authentication makes it critical for organizations to address.
The vulnerability was published on January 30, 2025, and it is crucial for organizations using the affected Sante PACS Server to remain vigilant and apply necessary patches.
Vulnerability Details
This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations.
The vulnerability has a CVSS score of 5.3, which indicates a medium severity. The CVSS vector for this vulnerability is "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", highlighting its attack vector as network-based, with low attack complexity and no privileges required for exploitation.
The affected product is Sante PACS Server, with all versions prior to 4.0.10 being vulnerable. The vulnerability was assigned the identifier ZDI-CAN-25309.
Technical Analysis
The root cause of this vulnerability is the improper validation of user-supplied paths during DCM file parsing. Because the path is used in file operations without first being checked, an attacker can cause files to be created at arbitrary locations in the context of the current user. The attack vector is network-based, meaning the attacker does not need to be on the same local network as the targeted server.
The attack complexity is low, and exploitation requires neither privileges nor user interaction. The impact on integrity is classified as low, indicating potential harm to the system's data without affecting availability or confidentiality.
Risk & Impact Analysis
Risk to organizations includes unauthorized file creation, which may lead to further exploitation or data manipulation. The blast radius can be significant, especially if the attacker can manipulate files that affect the functionality of the Sante PACS Server.
Organizations should address this vulnerability in their priority patch cycle due to its medium CVSS score and the potential for exploitation without authentication. The vulnerability's presence in widely used medical imaging software poses a particular risk to healthcare institutions.
Exploitation Status
| Signal | Status |
|---|---|
| Known Exploit | No |
| Public PoC | No |
| Actively Exploited | No |
| Ransomware Use | No |
Affected Versions
All versions of Sante PACS Server prior to 4.0.10 are affected by this vulnerability. Organizations using the software should check their versions and apply the necessary updates.
Mitigation & Remediation
Organizations should prioritize patching immediately. It is essential to update to the latest version of Sante PACS Server (all versions prior to 4.0.10 are affected) to close this vulnerability. If a patch is unavailable, consider implementing additional network controls to restrict access to the affected server.
Detection Guidance
Monitor logs for any unauthorized file creation attempts or abnormal behaviors that could indicate exploitation of this vulnerability. Pay attention to network traffic directed at the Sante PACS Server that may suggest probing for this issue.
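The path containment check that the root cause implies, and the file-creation monitoring described above, shown as an added example (not SanteSoft's code and not taken from the advisory). The storage root, server process path and sample events are assumptions constructed for illustration; the page does not state which DCM field carries the path.

```python
import ntpath  # Windows path rules on any host (assumes a Windows server)

STORAGE_ROOT = r"D:\PACS\storage"                   # assumed; not from the advisory
SERVER_IMAGE = r"C:\Program Files\PACS\server.exe"  # placeholder process path

def inside(root, candidate):
    """True if candidate, normalised lexically, is root or lies beneath it."""
    root_n = ntpath.normcase(ntpath.normpath(root))
    cand_n = ntpath.normcase(ntpath.normpath(candidate))
    return cand_n == root_n or cand_n.startswith(root_n + "\\")

def safe_join(root, untrusted):
    """Join a path fragment read from a parsed file onto root, or raise."""
    if "\x00" in untrusted:
        raise ValueError("NUL byte in path")
    drive, _ = ntpath.splitdrive(untrusted)
    if drive or untrusted.startswith(("\\", "/")):
        raise ValueError("absolute, drive-qualified or UNC path")
    joined = ntpath.normpath(ntpath.join(root, untrusted))
    if not inside(root, joined):
        raise ValueError("path escapes storage root")
    # Lexical check only: junctions/symlinks under root need a resolved-path
    # comparison on the server itself before the file is opened.
    return joined

def flag_outside_writes(events, root=STORAGE_ROOT, image=SERVER_IMAGE):
    """Return file-create events by the server process that land outside root."""
    return [e for e in events
            if e["image"].lower() == image.lower()
            and not inside(root, e["target"])]

# Constructed sample records, shaped like Sysmon Event ID 11 (FileCreate).
SAMPLE_EVENTS = [
    {"image": SERVER_IMAGE, "target": r"D:\PACS\storage\study1\0001.dcm"},
    {"image": SERVER_IMAGE, "target": r"C:\Users\Public\unexpected.txt"},
    {"image": r"C:\Windows\explorer.exe", "target": r"C:\Users\a\notes.txt"},
]

if __name__ == "__main__":
    for frag in (r"study1\0001.dcm", r"..\..\outside.txt", r"C:\outside.txt"):
        try:
            print("accept", safe_join(STORAGE_ROOT, frag))
        except ValueError as err:
            print("reject", repr(frag), "-", err)
    for event in flag_outside_writes(SAMPLE_EVENTS):
        print("alert", event["target"])
```

The same `inside` predicate serves both purposes: rejecting a path before the write, and flagging a write by the server process that has already landed outside its storage directory.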
AppSecure Threat Intelligence Insight
This vulnerability represents a concerning trend in arbitrary file write vulnerabilities, particularly in networked applications like Sante PACS Server. Organizations must adopt a proactive approach to vulnerability management and consider regular security assessments, such as penetration testing, to identify and remediate such vulnerabilities.
As remote work continues to be prevalent, ensuring that applications are well-secured against unauthorized access will be paramount. Organizations should adopt a comprehensive security strategy and remain vigilant against emerging threats.
To stay informed about the latest trends in application security, organizations can refer to resources such as the vulnerability management program design.
Moreover, continuous assessment and updates are essential to ensure that security measures remain effective against evolving threats. Regular reviews of security posture and timely patching can significantly reduce the risk of exploitation.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
