Cyber Posture

CVE-2025-2264

HighPublic PoC

Published: 13 March 2025

Published
13 March 2025
Modified
03 April 2025
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.6385 98.4th percentile
Risk Priority 53 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Security Summary

CVE-2025-2264 is a Path Traversal Information Disclosure vulnerability (CWE-22) in Sante PACS Server.exe. Published on 2025-03-13, the issue has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with no integrity or availability effects.

An unauthenticated remote attacker can exploit the vulnerability over the network with low complexity and no user interaction required. Successful exploitation allows the attacker to download arbitrary files from the disk drive where the Sante PACS Server.exe application is installed.

Mitigation details are available in the Tenable research advisory at https://www.tenable.com/security/research/tra-2025-08.

Details

CWE(s)
CWE-22

Affected Products

santesoft
sante pacs server
4.1.0

MITRE ATT&CK Enterprise Techniques

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
attack.mitre.org →
T1083 File and Directory Discovery Discovery
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
attack.mitre.org →
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Path traversal (CVE-2025-2264) enables arbitrary file reads for data collection from local system (T1005) and file/directory discovery (T1083). Vulnerabilities in public-facing Sante PACS Server facilitate exploitation (T1190), including buffer overflow (CVE-2025-2263) for potential RCE.

References