CVE-2025-0568
Published: 30 January 2025
Summary
CVE-2025-0568 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Santesoft Sante Pacs Server. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 17.7% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly addresses the lack of proper validation of user-supplied DCM files that leads to memory corruption during parsing.
Provides memory protections to prevent exploitation of out-of-bounds writes and other memory corruption in the DCM parsing component.
Ensures timely remediation of the specific flaw in Sante PACS Server via security updates or patches as advised in ZDI-25-049.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote unauthenticated exploitation of a public-facing PACS server via crafted DCM input directly matches T1190; memory corruption yields only DoS impact with no RCE or other post-exploitation primitives described.
NVD Description
Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-25302.
Deeper analysis
CVE-2025-0568 is a memory corruption vulnerability affecting the DCM file parsing component in Sante PACS Server. The flaw stems from a lack of proper validation of user-supplied data during DCM file processing, which can trigger a denial-of-service condition on vulnerable installations. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and maps to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-787 (Out-of-bounds Write).
Remote attackers can exploit this vulnerability without authentication by sending a specially crafted DCM file to the server. Successful exploitation results in memory corruption, leading to a denial-of-service condition that disrupts system availability.
The Zero Day Initiative has published advisory ZDI-25-049, which provides further details on this issue, originally tracked as ZDI-CAN-25302. Security practitioners should consult this advisory for additional guidance on identification and mitigation.
Details
- CWE(s)