Santesoft Sante Pacs Server
8 CVEs affecting Santesoft Sante Pacs Server. Latest disclosed: 2025-08-18. Critical: 1, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-2263 | Critical | 9.8 | 2025-03-13 | During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte… |
| CVE-2025-2265 | High | 7.8 | 2025-03-13 | The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite d… |
| CVE-2025-53948 | High | 7.5 | 2025-08-18 | The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The applicatio… |
| CVE-2025-2284 | High | 7.5 | 2025-03-13 | A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe". |
| CVE-2025-2264 | High | 7.5 | 2025-03-13 | A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrar… |
| CVE-2025-54156 | High | 7.4 | 2025-08-18 | The Sante PACS Server Web Portal sends credential information without encryption. |
| CVE-2025-54759 | Medium | 6.1 | 2025-08-18 | Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and ste… |
| CVE-2025-54862 | Medium | 5.4 | 2025-08-18 | Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webp… |