CVE-2025-2264 Scanner
CVE-2025-2264 Scanner - Path Traversal vulnerability in Sante PACS Server.exe
Short Info
Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 8 days 11 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
Sante PACS Server.exe is a DICOM-compliant picture archiving and communication system server developed by Santesoft. It is primarily used in medical imaging environments to store, retrieve, and manage DICOM files and patient data. This server software is deployed in hospitals, clinics, and diagnostic centers where secure and efficient medical imaging workflows are essential. The application allows healthcare professionals to access imaging data remotely, improving collaboration and diagnosis. Its features include DICOM storage, web access, and integration with various medical imaging equipment. The software is often installed on Windows environments and connected to imaging modalities and PACS clients.
The vulnerability discovered in Sante PACS Server.exe is a Path Traversal vulnerability that can lead to information disclosure. An unauthenticated attacker can manipulate the URL to access arbitrary files located on the server's disk. This type of vulnerability arises due to improper validation of user-supplied input in file path handling. It allows attackers to navigate the file system structure using relative path syntax such as "../". By leveraging this flaw, attackers can potentially extract sensitive configuration files, logs, or other critical data. This poses a significant risk, especially in environments dealing with sensitive healthcare information.
Technical analysis of this vulnerability shows that a specially crafted GET request targeting the `/assets/../../.HTTP/HTTP.db` path can exploit the flaw. The vulnerable parameter is the file path embedded in the request. If successful, the server responds with SQLite database files containing user tables and other information. The response status code remains 200, and the body content reveals database markers like 'TABLE USER' and 'format'. The presence of these elements confirms successful exploitation of the path traversal vulnerability. No authentication is required to access the file, making this an easily exploitable security issue.
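For asset owners reviewing past traffic, the following added example (not part of the scanner or of Santesoft's software) flags logged requests that start under `/assets/` but resolve outside it, and marks those answered with status 200. It generalizes beyond the single path above to percent-encoded dot segments; the Common Log Format input, the function names and the sample lines are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Assumption: requests are logged in Common Log Format by the server or a proxy.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def decode_fully(path, rounds=3):
    """Percent-decode repeatedly so encoded dot segments are seen as '..'."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # Windows file APIs accept both separators, so compare on '/'.
    return path.replace("\\", "/")

def escapes_prefix(target, prefix="/assets/"):
    """True when a request addressed under `prefix` resolves outside it."""
    path = decode_fully(urlsplit(target).path)
    if not path.startswith(prefix):
        return False
    resolved = posixpath.normpath(path)
    return not (resolved + "/").startswith(prefix)

def find_traversal(lines):
    """Return (ip, target, status, served) for each traversal request found."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and escapes_prefix(m["target"]):
            status = int(m["status"])
            # A 200 means the file was likely returned; treat as disclosure.
            hits.append((m["ip"], m["target"], status, status == 200))
    return hits

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.10 - - [12/Mar/2025:10:00:01 +0000] "GET /assets/css/../img/logo.png HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/Mar/2025:10:01:02 +0000] "GET /assets/../../.HTTP/HTTP.db HTTP/1.1" 200 28672',
    '203.0.113.7 - - [12/Mar/2025:10:01:09 +0000] "GET /assets/%2e%2e/%2e%2e/.HTTP/HTTP.db HTTP/1.1" 404 0',
    '198.51.100.10 - - [12/Mar/2025:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print(hit)
```

A hit with `served` set to true warrants treating the contents of the returned file as disclosed.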
Exploiting this vulnerability could allow attackers to obtain sensitive information such as stored credentials, user details, or logs containing operational data. If healthcare data is accessible, it may result in HIPAA violations or regulatory non-compliance. The attacker may also gain insights into the server configuration, helping to craft further attacks. Unauthorized file access could expose the system to secondary threats such as privilege escalation or lateral movement. Additionally, data leakage could severely impact the organization's reputation and legal standing. Prompt remediation is essential to prevent exploitation in production environments.