CVE-2025-2265
Published: 13 March 2025
Description
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Security Summary
CVE-2025-2265 is a vulnerability in Sante PACS Server.exe, published on 2025-03-13, that affects the password storage mechanism for web users. Passwords are zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table of the SQLite database HTTP.db. However, if the hash contains a zero byte, the hash is truncated, so fewer hash bytes are encoded and stored. The weakness is classified as CWE-916. The issue has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The vulnerability can be exploited by a local attacker with low privileges (PR:L), requiring low attack complexity and no user interaction. Successful exploitation enables high-impact consequences on confidentiality, integrity, and availability, potentially allowing the attacker to compromise user credentials or escalate control over the affected system due to the flawed hashing process.
Mitigation details are provided in the Tenable research advisory at https://www.tenable.com/security/research/tra-2025-08.
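The following added example (not code from the vendor or the advisory) models the storage scheme described above and audits stored values for entries that hold fewer than the 20 bytes of a full SHA-1 digest, so the affected accounts can be given a password reset. It assumes truncation stops at the first zero byte of the digest; the function names, user names and sample passwords are constructed for illustration.

```python
import base64
import hashlib

PAD_LEN = 0x2000   # padded input length given in the description
SHA1_LEN = 20      # size of a complete SHA-1 digest

def digest_of(password: bytes) -> bytes:
    """SHA-1 over the password zero-padded to PAD_LEN bytes."""
    return hashlib.sha1(password.ljust(PAD_LEN, b"\x00")).digest()

def stored_form(password: bytes, truncate: bool = True) -> str:
    """Value as it would be stored. Assumption: truncation stops at the
    first zero byte of the digest (C-string behaviour)."""
    digest = digest_of(password)
    if truncate and b"\x00" in digest:
        digest = digest[:digest.index(0)]
    return base64.b64encode(digest).decode("ascii")

def retained_bytes(stored_b64: str) -> int:
    """Number of digest bytes that survive in a stored value."""
    return len(base64.b64decode(stored_b64))

def audit(records):
    """Return (user, retained_bytes) for entries holding a short digest."""
    flagged = []
    for user, stored in records:
        n = retained_bytes(stored)
        if n < SHA1_LEN:
            flagged.append((user, n))
    return flagged

def find_samples():
    """Constructed passwords: one whose digest has a zero byte, one without."""
    with_zero = without_zero = None
    n = 0
    while with_zero is None or without_zero is None:
        pw = b"constructed-%d" % n
        if b"\x00" in digest_of(pw):
            with_zero = with_zero or pw
        else:
            without_zero = without_zero or pw
        n += 1
    return with_zero, without_zero

if __name__ == "__main__":
    short_pw, full_pw = find_samples()
    rows = [("alice", stored_form(full_pw)), ("bob", stored_form(short_pw))]
    for user, kept in audit(rows):
        print(f"{user}: {kept} of {SHA1_LEN} digest bytes stored; reset password")
```

A 20-byte digest contains at least one zero byte with probability 1 - (255/256)^20, about 7.5%, so on a large user table a noticeable share of entries can be expected to be flagged.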
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a flawed password hashing/storage mechanism (truncation on zero bytes in SHA1 hash) in an application database file, directly enabling local attackers to compromise and recover web user credentials.