Cyber Resilience

CVE-2025-0574

High

Published: 30 January 2025

Modified: 19 February 2025
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0103 (77.8th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-0574 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Santesoft Sante Pacs Server. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 22.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

Sante PACS Server contains a memory corruption vulnerability in its web server module that arises during URL path parsing. The flaw stems from insufficient validation of user-supplied data and is tracked as ZDI-CAN-25318. Remote attackers can trigger the issue without authentication, resulting in a denial-of-service condition on affected installations. The vulnerability received a CVSS 3.1 score of 7.5 with high impact on availability and is associated with CWE-119 and CWE-787.

An unauthenticated remote attacker can send a specially crafted URL to the web server component, causing memory corruption that crashes the service and produces a denial-of-service state. No user interaction or credentials are required, and the attack can be carried out over the network.

The issue was disclosed by the Zero Day Initiative under advisory ZDI-25-055, which provides the technical details referenced above. The current EPSS score is 0.0103, with only a minor peak of 0.0122, which does not indicate significant post-disclosure exploitation interest.

Vulnerability details

Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of URLs in the web server module. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-25318.

CWE(s)

CWE-119, CWE-787

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190: Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499: Endpoint Denial of Service (Impact)
Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users.
Why these techniques?

Remote, unauthenticated memory corruption in a public-facing web server module directly enables T1190 exploitation, resulting in endpoint DoS (T1499).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-0568 · Same product: Santesoft Sante Pacs Server
CVE-2025-0569 · Same product: Santesoft Sante Pacs Server
CVE-2025-2263 · Same product: Santesoft Sante Pacs Server
CVE-2025-2264 · Same product: Santesoft Sante Pacs Server
CVE-2025-2480 · Same vendor: Santesoft
CVE-2026-3703 · Shared CWE-119, CWE-787
CVE-2026-2940 · Shared CWE-119, CWE-787
CVE-2026-5152 · Shared CWE-119, CWE-787
CVE-2026-4184 · Shared CWE-119, CWE-787
CVE-2026-4961 · Shared CWE-119, CWE-787

Affected Assets

santesoft · sante pacs server · ≤ 4.0.10

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-10 directly enforces validation of user-supplied URL inputs in the web server module, preventing memory corruption from malformed data.

prevent · detect

SC-5 protects against denial-of-service events like the memory corruption crash triggered by unauthenticated remote URL requests.

prevent

SI-16 implements memory safeguards such as bounds checking or protections against out-of-bounds writes during URL parsing.
