Remotely Exploitable Critical Vulnerability Identified in Santesoft Sante PACS Server
Five vulnerabilities have been identified in the Santesoft Sante PACS Server medical image archiving and communication system, including a critical vulnerability that allows credentials to be intercepted.
The vulnerabilities affect all versions of Sante PACS Server prior to 4.2.3 and have been patched in version 4.2.3 and later. The three most serious vulnerabilities can be exploited remotely by an attacker in a low-complexity attack. Successful exploitation could allow an attacker to create arbitrary files, obtain sensitive data, steal users’ session cookies, and cause a denial-of-service condition.
- CVE-2025-54156 – A critical vulnerability that can be exploited by a remote attacker to steal credentials. The vulnerability is due to Sante PACS Server sending credential information in cleartext. The vulnerability has been assigned a CVSS v4 score of 9.1 (CVSS v3.1: 7.4).
- CVE-2025-53948 – A high-severity vulnerability that can be exploited by a remote attacker to crash the main thread by sending a specially crafted HL7 message, triggering a denial-of-service condition. The server would require a manual restart. The vulnerability has been assigned a CVSS v4 score of 8.7 (CVSS v3.1: 7.5).
- CVE-2025-0572 – A medium-severity vulnerability that can be exploited by a remote attacker to create arbitrary DCM files on vulnerable versions of Sante PACS Server. The vulnerability is due to improper limitation of a pathname to a restricted directory (path traversal). The vulnerability has been assigned a CVSS v4 score of 5.3 (CVSS v3.1: 4.3).
- CVE-2025-54759 – A medium-severity cross-site scripting vulnerability in Sante PACS Server. An attacker could inject malicious HTML code that redirects a user to a malicious web page in order to steal the user’s cookie. The vulnerability has been assigned a CVSS v4 score of 5.1 (CVSS v3.1: 6.1).
- CVE-2025-54862 – A medium-severity cross-site scripting vulnerability in the Sante PACS Server web portal, which could similarly be exploited by an attacker to direct a user to a malicious HTML page to steal the user’s cookie. The vulnerability has been assigned a CVSS v4 score of 4.8 (CVSS v3.1: 5.4).
The vulnerabilities were identified by Chizuru Toyama of TXOne Networks, who reported them to CISA. At present, there have been no known instances of exploitation in the wild; however, users are advised to update Santesoft Sante PACS Server to the latest version as soon as possible.
It is also recommended to avoid exposing Santesoft Sante PACS Server to the Internet. If remote access is required, use a secure access method such as a Virtual Private Network (VPN), and keep the VPN software itself updated to the latest version.