High Severity Vulnerability Identified in Santesoft Sante DICOM Viewer Pro
A high severity vulnerability has been identified in Santesoft Sante DICOM Viewer Pro, a professional DICOM medical image viewer, anonymizer, converter, and DICOM CD/DVD creator.
The memory corruption vulnerability is tracked as CVE-2025-5307, and is an out-of-bounds read issue, which means the product reads data before and after the beginning of the intended memory buffer. A local threat actor could exploit the vulnerability in a low complexity attack to disclose sensitive information and potentially execute arbitrary code on vulnerable versions of Sante DICOM Viewer Pro.
The vulnerability has been assigned a CVSS v4 base score of 8.4 and a CVSS v3.1 base score of 7.8. and affects Sante DICOM Viewer Pro version 14.2.1 and prior versions. Santesoft has fixed the vulnerability and advises all users to upgrade to v14.2.2 or a later version. At the time of writing, there have been no known cases of exploitation of the vulnerability. The vulnerability was reported to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) by researcher Michael Heinzl.
To minimize the risk of exploitation of this vulnerability and any future vulnerabilities in the product, CISA recommends ensuring the product is not accessible from the Internet, is protected by a firewall, and is isolated from business networks. If remote access is required, a secure method should be used to connect, such as a virtual private network (VPN). The VPN should be updated to the latest version.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
