Cyber Resilience

CVE-2025-2263

Critical | Public PoC

Published: 13 March 2025

Modified: 03 April 2025
KEV Added: not listed
Patch: not specified
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0339 (87.7th percentile)
Risk Priority: 22 (weighting 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-2263 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Santesoft Sante Pacs Server. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 12.3% of CVEs by exploit likelihood (EPSS), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-2263 is a stack-based buffer overflow in the web server login routine of Sante PACS Server.exe. During decryption of the supplied username and password, the code invokes the OpenSSL function EVP_DecryptUpdate with a fixed 0x80-byte stack buffer as the output destination. An unauthenticated remote attacker who supplies an excessively long encrypted credential can overflow this buffer, triggering CWE-121 and CWE-787 conditions. The vulnerability carries a CVSS 3.1 score of 9.8.

An unauthenticated attacker with network access can send a crafted login request containing an oversized encrypted username or password. Successful exploitation grants the attacker the ability to execute arbitrary code or crash the server, resulting in full compromise of confidentiality, integrity, and availability without any user interaction or prior authentication.

The two Tenable references describe the issue but do not detail vendor patches or configuration mitigations in the supplied information. The associated EPSS scores have remained low and essentially flat (current 0.0339, peak 0.0348), indicating no significant post-disclosure surge in observed exploitation activity.
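The bound that the login routine fails to enforce before calling EVP_DecryptUpdate, together with a detection pass over constructed web-server log lines, as an added Python example that is not code from this page or from Santesoft. The 0x80-byte output buffer comes from the advisory; the 16-byte block size, the /login path and the base64 user=/pass= fields are assumptions, and the check is written generally for any buffer and block size rather than only the 0x80 case.

```python
import base64
import re

# CVE-2025-2263: Sante PACS Server hands EVP_DecryptUpdate a fixed 0x80-byte stack
# buffer while decrypting the login credentials. OpenSSL documents that with padding
# enabled the output buffer needs inl + cipher_block_size bytes, so bound inl first.
OUTBUF_SIZE = 0x80  # fixed output buffer size named in the advisory
BLOCK_SIZE = 16     # ASSUMPTION: 16-byte block cipher; the page does not name the cipher

def max_update_output(ciphertext_len, block_size=BLOCK_SIZE):
    """Room EVP_DecryptUpdate may need for this input (padding enabled)."""
    return ciphertext_len + block_size

def credential_fits(encoded, outbuf_size=OUTBUF_SIZE, block_size=BLOCK_SIZE):
    """SI-10 style input check -> (accepted, decoded_len). Undecodable input is
    rejected; otherwise accept only if the worst-case decrypt output fits."""
    try:
        raw = base64.b64decode(encoded, validate=True)
    except ValueError:
        return False, 0
    return max_update_output(len(raw), block_size) <= outbuf_size, len(raw)

# ASSUMPTION: the login form posts base64 fields user= and pass= to /login; the
# real request layout is not given on the page.
LOGIN_RE = re.compile(r'"POST /login[^"]*" .*?user=([A-Za-z0-9+/=]+)&pass=([A-Za-z0-9+/=]+)')

def flag_oversized_logins(log_lines):
    """Detection pass: (line_no, field, decoded_len) per credential that would overflow."""
    findings = []
    for line_no, line in enumerate(log_lines, 1):
        match = LOGIN_RE.search(line)
        if match:
            for field, value in (("user", match.group(1)), ("pass", match.group(2))):
                accepted, length = credential_fits(value)
                if not accepted:
                    findings.append((line_no, field, length))
    return findings

def encode_credential(raw):
    """Base64-encode raw ciphertext the way the login form would transport it."""
    return base64.b64encode(raw).decode("ascii")

# Constructed sample log: line 1 is a normal login; line 2 carries a 160-byte
# encrypted password, far past what the 0x80-byte buffer can hold.
SAMPLE_LOG = [
    '10.0.0.5 - - [13/Mar/2025:10:01:02 +0000] "POST /login HTTP/1.1" 200 user='
    + encode_credential(b"\x11" * 48) + "&pass=" + encode_credential(b"\x22" * 64),
    '198.51.100.7 - - [13/Mar/2025:10:01:09 +0000] "POST /login HTTP/1.1" 500 user='
    + encode_credential(b"\x11" * 48) + "&pass=" + encode_credential(b"\x33" * 160),
]
```

With the assumed 16-byte block, 112 bytes is the longest ciphertext the 0x80-byte buffer can safely receive; `flag_oversized_logins(SAMPLE_LOG)` reports only the second line's password field.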


Vulnerability details

During login to the web server in "Sante PACS Server.exe", the OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or password is supplied by an unauthenticated remote attacker.

CWE(s): CWE-121 (Stack-based Buffer Overflow), CWE-787 (Out-of-bounds Write)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Unauthenticated remote stack-based buffer overflow in web server login via crafted encrypted credentials enables exploitation of a public-facing application for potential RCE.

CVEs Like This One

CVE-2025-0568: same product (Santesoft Sante Pacs Server)
CVE-2025-0569: same product (Santesoft Sante Pacs Server)
CVE-2025-0574: same product (Santesoft Sante Pacs Server)
CVE-2025-2264: same product (Santesoft Sante Pacs Server)
CVE-2025-37169: shared CWE-121, CWE-787
CVE-2026-0791: shared CWE-121, CWE-787
CVE-2023-54330: shared CWE-121, CWE-787
CVE-2025-70245: shared CWE-121, CWE-787
CVE-2026-24497: shared CWE-121, CWE-787
CVE-2025-41730: shared CWE-121, CWE-787

Affected Assets

Vendor: santesoft, Product: sante pacs server, Version: 4.1.0

Mitigating Controls (NIST 800-53 r5, AI)

SI-2 Flaw Remediation (prevent)

Flaw remediation directly mitigates this CVE by applying vendor patches or updates that fix the stack buffer overflow in the decryption function.

SI-16 Memory Protection (prevent)

Memory protection mechanisms such as stack canaries, ASLR, and DEP make exploitation of the stack-based buffer overflow for arbitrary code execution substantially harder; they do not remove the overflow itself, so an oversized credential can still crash the server.

SI-10 Information Input Validation (prevent)

Input validation on the length of the encrypted username and password fields rejects data that would exceed the fixed 0x80-byte decryption buffer before it is passed to EVP_DecryptUpdate.
