Cyber Posture

CVE-2025-2263

Critical · Public PoC

Published: 13 March 2025

Modified: 03 April 2025
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0348 (87.6th percentile)
Risk Priority: 22 (60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Security Summary

CVE-2025-2263 is a stack-based buffer overflow vulnerability in the web server login functionality of Sante PACS Server.exe. The issue occurs when the OpenSSL function EVP_DecryptUpdate is invoked to decrypt the supplied username and password with a fixed 0x80-byte stack-based buffer passed as the output parameter. When a long encrypted username or password is supplied, the decrypted output exceeds this buffer size, triggering the overflow.

An unauthenticated remote attacker can exploit this vulnerability over the network by submitting a login request with an excessively long encrypted credential. The CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) reflects its critical severity: the overflow can potentially enable arbitrary code execution, with high impact on confidentiality, integrity, and availability. It maps to CWE-121 (Stack-based Buffer Overflow) and CWE-787 (Out-of-bounds Write).

Mitigation details are available in the Tenable research advisory at https://www.tenable.com/security/research/tra-2025-08, published on 2025-03-13.
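The bug class described above, shown from the fix side as an added example (not Sante's code and not taken from the Tenable advisory): EVP_DecryptUpdate has no output-length parameter and may write up to inl + block size bytes, so the caller has to check the input length against the buffer first. The function names, the 16-byte block size and the copy-through stand-in cipher (used so the example runs without OpenSSL) are assumptions.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CRED_BUF_LEN 0x80 /* fixed stack buffer size given in the summary */
#define BLOCK_LEN    16   /* assumed cipher block size; not stated on the page */

/* Same shape as OpenSSL's EVP_DecryptUpdate(ctx, out, &outl, in, inl). */
typedef int (*decrypt_update_fn)(void *ctx, unsigned char *out, int *outl,
                                 const unsigned char *in, int inl);

/* Constructed stand-in "cipher" that copies input to output. Like the real
 * call, it is never told how large the output buffer is. */
static int fake_decrypt_update(void *ctx, unsigned char *out, int *outl,
                               const unsigned char *in, int inl) {
    (void)ctx;
    memcpy(out, in, (size_t)inl);
    *outl = inl;
    return 1;
}

/* Hypothetical wrapper: refuse any input whose worst-case output
 * (inl + block size) cannot fit in the caller's buffer. */
static int bounded_decrypt_update(decrypt_update_fn fn, void *ctx,
                                  unsigned char *out, size_t out_cap, int *outl,
                                  const unsigned char *in, size_t inl) {
    if (inl > (size_t)INT_MAX - BLOCK_LEN) return 0; /* int truncation guard */
    if (inl + BLOCK_LEN > out_cap) return 0;         /* would overrun out */
    return fn(ctx, out, outl, in, (int)inl);
}

/* Hypothetical login-path helper: plaintext length, or -1 if rejected. */
int decrypt_credential(const unsigned char *enc, size_t enc_len) {
    unsigned char plain[CRED_BUF_LEN];
    int outl = 0;
    if (!bounded_decrypt_update(fake_decrypt_update, NULL, plain, sizeof plain,
                                &outl, enc, enc_len))
        return -1;
    return outl;
}

int main(void) {
    static unsigned char enc[0x200]; /* constructed sample input */
    printf("0x70 bytes  -> %d\n", decrypt_credential(enc, 0x70));
    printf("0x200 bytes -> %d\n", decrypt_credential(enc, sizeof enc));
    return 0;
}
```

With a 0x80-byte buffer and a 16-byte block, the largest input accepted is 0x70 bytes; anything longer is rejected before the decrypt call is made.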

Details

CWE(s)
CWE-121, CWE-787

Affected Products

santesoft · sante pacs server · 4.1.0

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unauthenticated remote stack-based buffer overflow in web server login via crafted encrypted credentials enables exploitation of a public-facing application for potential RCE.

References