Cyber Resilience

CVE-2025-0568

High

Published: 30 January 2025

Published
30 January 2025
Modified
19 February 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0167 82.5th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0568 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Santesoft Sante Pacs Server. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 17.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

Sante PACS Server contains a memory corruption vulnerability in its DCM file parsing logic, tracked as CVE-2025-0568 and originally reported as ZDI-CAN-25302. The flaw stems from insufficient validation of user-supplied data within DCM files, which can trigger memory corruption and lead to a denial-of-service condition. The issue affects installations of Sante PACS Server and carries a CVSS 3.1 base score of 7.5 with network attack vector and no required authentication or user interaction.

Remote attackers can exploit the vulnerability by sending a specially crafted DCM file to an affected server, resulting in a crash or service disruption without any credentials. The weakness is categorized under CWE-119 and CWE-787, confirming classic out-of-bounds memory operations during parsing.

A Zero Day Initiative advisory (ZDI-25-049) has been published for the issue. The associated EPSS score remains flat at 0.0167 with no material increase since disclosure.

EU & UK References

Vulnerability details

Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within…

more

the parsing of DCM files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-25302.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote unauthenticated exploitation of a public-facing PACS server via crafted DCM input directly matches T1190; memory corruption yields only DoS impact with no RCE or other post-exploitation primitives described.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-0569Same product: Santesoft Sante Pacs Server
CVE-2025-0574Same product: Santesoft Sante Pacs Server
CVE-2025-2263Same product: Santesoft Sante Pacs Server
CVE-2025-2264Same product: Santesoft Sante Pacs Server
CVE-2025-2480Same vendor: Santesoft
CVE-2026-3703Shared CWE-119, CWE-787
CVE-2026-2940Shared CWE-119, CWE-787
CVE-2026-5152Shared CWE-119, CWE-787
CVE-2026-4184Shared CWE-119, CWE-787
CVE-2026-4961Shared CWE-119, CWE-787

Affected Assets

santesoft
sante pacs server
≤ 4.0.10

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the lack of proper validation of user-supplied DCM files that leads to memory corruption during parsing.

prevent

Provides memory protections to prevent exploitation of out-of-bounds writes and other memory corruption in the DCM parsing component.

prevent

Ensures timely remediation of the specific flaw in Sante PACS Server via security updates or patches as advised in ZDI-25-049.

References