CVE-2025-2263
Published: 13 March 2025
Summary
CVE-2025-2263 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Santesoft Sante Pacs Server. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 12.3% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-2263 is a stack-based buffer overflow in the web server login routine of Sante PACS Server.exe. During decryption of the supplied username and password, the code invokes the OpenSSL function EVP_DecryptUpdate with a fixed 0x80-byte stack buffer as the output destination. An unauthenticated remote attacker who supplies an excessively long encrypted credential can overflow this buffer, triggering CWE-121 and CWE-787 conditions. The vulnerability carries a CVSS 3.1 score of 9.8.
An unauthenticated attacker with network access can send a crafted login request containing an oversized encrypted username or password. Successful exploitation grants the attacker the ability to execute arbitrary code or crash the server, resulting in full compromise of confidentiality, integrity, and availability without any user interaction or prior authentication.
The two Tenable references describe the issue but, in the information supplied here, do not detail vendor patches or configuration mitigations. The associated EPSS scores have remained low and essentially flat (current 0.0339, peak 0.0348), indicating no significant post-disclosure surge in observed exploitation activity.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6300
Vulnerability details
During login to the web server in "Sante PACS Server.exe", the OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or password is supplied by an unauthenticated remote attacker.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated remote stack-based buffer overflow in web server login via crafted encrypted credentials enables exploitation of a public-facing application for potential RCE.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): applying vendor patches or updates that fix the stack buffer overflow in the decryption function directly mitigates this CVE.
- SI-16 (Memory Protection): stack canaries, ASLR, and DEP prevent the stack-based buffer overflow from being turned into arbitrary code execution.
- SI-10 (Information Input Validation): validating the length of the encrypted username and password fields prevents excessively long data from overflowing the fixed decryption buffer.
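The SI-10 control above comes down to one check that the vulnerable login routine lacked: before EVP_DecryptUpdate is pointed at a fixed 0x80-byte stack buffer, the ciphertext length must be compared against what the function may write. The following is an added example, not Santesoft's code and not taken from the advisory. It does not link OpenSSL; instead the decrypt step is a callback with EVP_DecryptUpdate's (out, outl, in, inl) argument shape, and a constructed stand-in (stub_decrypt_update) copies bytes through so the guard can be exercised offline. The 16-byte BLOCK_SIZE, the block-alignment requirement on the ciphertext, and all function and enum names are assumptions made for the example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LOGIN_OUT_BUF 0x80  /* the fixed stack buffer size named in the advisory */
#define BLOCK_SIZE 16       /* assumption: a 16-byte block cipher such as AES */

/* EVP_DecryptUpdate's documented requirement: with padding enabled the output
 * buffer must have room for inl + cipher_block_size bytes. This check is
 * computed from the ciphertext length before any decryption happens. */
static bool decrypt_update_fits(size_t inl, size_t block_size, size_t outcap) {
    if (block_size == 0) return false;
    if (inl > SIZE_MAX - block_size) return false;  /* prevent size_t wrap-around */
    return inl + block_size <= outcap;
}

/* Largest ciphertext length that a buffer of outcap bytes can safely receive. */
static size_t max_safe_ciphertext_len(size_t outcap, size_t block_size) {
    if (block_size == 0 || outcap < block_size) return 0;
    return outcap - block_size;
}

/* Same argument shape as EVP_DecryptUpdate, minus the EVP_CIPHER_CTX (assumption). */
typedef int (*decrypt_update_fn)(unsigned char *out, int *outl,
                                 const unsigned char *in, int inl);

enum login_status { LOGIN_OK = 0, LOGIN_REJECT_LENGTH = 1, LOGIN_REJECT_DECRYPT = 2 };

/* Hardened credential decode: the length is validated against the fixed
 * buffer's capacity before the decrypt callback may write into it. */
static enum login_status decode_credential(const unsigned char *enc, size_t enc_len,
                                           decrypt_update_fn decrypt,
                                           unsigned char *plain, size_t plain_cap,
                                           size_t *plain_len) {
    int outl = 0;
    *plain_len = 0;
    if (enc_len == 0 || enc_len > INT_MAX)
        return LOGIN_REJECT_LENGTH;
    if (enc_len % BLOCK_SIZE != 0)   /* assumption: block-mode ciphertext is block aligned */
        return LOGIN_REJECT_LENGTH;
    if (!decrypt_update_fits(enc_len, BLOCK_SIZE, plain_cap))
        return LOGIN_REJECT_LENGTH;   /* the vulnerable path had no such check */
    if (decrypt(plain, &outl, enc, (int)enc_len) != 1 || outl < 0 || (size_t)outl > plain_cap)
        return LOGIN_REJECT_DECRYPT;
    *plain_len = (size_t)outl;
    return LOGIN_OK;
}

/* Login handler using a fixed 0x80-byte stack buffer like the one the advisory describes. */
static enum login_status handle_login(const unsigned char *enc_user, size_t enc_user_len,
                                      decrypt_update_fn decrypt) {
    unsigned char username[LOGIN_OUT_BUF];
    size_t n;
    return decode_credential(enc_user, enc_user_len, decrypt, username, sizeof username, &n);
}

/* Constructed stand-in for EVP_DecryptUpdate so the guard runs without OpenSSL:
 * it copies inl bytes through unchanged and reports success. */
static int stub_decrypt_update(unsigned char *out, int *outl,
                               const unsigned char *in, int inl) {
    memcpy(out, in, (size_t)inl);
    *outl = inl;
    return 1;
}

int main(void) {
    unsigned char ok_len[0x70], too_long[0x90];   /* constructed sample inputs */
    memset(ok_len, 'A', sizeof ok_len);
    memset(too_long, 'A', sizeof too_long);
    printf("max safe ciphertext for a 0x80-byte buffer: %zu bytes\n",
           max_safe_ciphertext_len(LOGIN_OUT_BUF, BLOCK_SIZE));
    printf("0x70-byte credential: status %d\n",
           handle_login(ok_len, sizeof ok_len, stub_decrypt_update));
    printf("0x90-byte credential: status %d\n",
           handle_login(too_long, sizeof too_long, stub_decrypt_update));
    return 0;
}
```

The design point is that the bound is derived from the destination's capacity and the cipher's block size, not from any field the client supplies, and that rejection happens before the fixed buffer is handed to the decrypt call. With a 0x80-byte buffer and a 16-byte block, the most ciphertext the handler will accept is 0x70 bytes; anything longer, or not block aligned, is refused with LOGIN_REJECT_LENGTH.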