Cyber Posture

CVE-2025-2264

Severity: High · Public PoC

Published: 13 March 2025
Modified: 03 April 2025
KEV Added: not listed
Patch: no entry shown
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.6437 (98.5th percentile)
Risk Priority: 54 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-2264 is a high-severity Path Traversal (CWE-22) vulnerability in Santesoft Sante Pacs Server. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks in the top 1.5% of CVEs by exploit likelihood (EPSS), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005) and 2 other techniques.
AI-specific risk: MITRE ATLAS Obtain Capabilities (AML.T0016) plus 1 more.
What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): Directly prevents path traversal exploitation by validating user-supplied file path inputs to block access to arbitrary files.

Flaw remediation (prevent): Mitigates the specific CVE by requiring timely identification, reporting, and remediation of the path traversal flaw through patching.

AC-3 Access Enforcement (prevent): Enforces access control policies to restrict logical access to system files, preventing unauthorized disclosure via path traversal.
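As an added example (not Santesoft's code and not taken from the Tenable advisory), the input-validation control above applied to a file-download handler: a resolver that maps a client-supplied name onto an export directory and refuses percent-encoded, backslash, absolute and dot-dot forms before a final containment check; the export directory and file names are constructed for the demo.

```python
import os
import tempfile
from urllib.parse import unquote

class PathTraversalError(ValueError):
    """Raised when a requested name would escape the export directory."""

def _decode_fully(name, rounds=3):
    """Percent-decode until stable so double-encoded ..%252f is caught too."""
    for _ in range(rounds):
        decoded = unquote(name)
        if decoded == name:
            return name
        name = decoded
    raise PathTraversalError("excessively encoded name")

def resolve_download(base_dir, requested):
    """Map a client-supplied filename to a path inside base_dir, or raise."""
    name = _decode_fully(requested)
    if "\x00" in name:
        raise PathTraversalError("NUL byte in name")
    # Backslashes count as separators: the server is a Windows binary, and
    # os.path on POSIX would otherwise treat '..\\' as an ordinary filename.
    name = name.replace("\\", "/")
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        raise PathTraversalError("absolute path or drive letter")
    parts = [p for p in name.split("/") if p not in ("", ".")]
    # Any '..' segment is refused, even one that would still resolve inside.
    if not parts or ".." in parts:
        raise PathTraversalError("dot-dot segment or empty name")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, *parts))
    # Containment is checked on the symlink-resolved path, so a link inside
    # base_dir that points elsewhere is refused as well.
    if os.path.commonpath([base, target]) != base:
        raise PathTraversalError("resolved path escapes export directory")
    return target

def demo():
    """Constructed exercise: one exportable file, then benign and hostile names."""
    hostile = ("..%2f..%2fboot.ini", "..%252f..%252fwin.ini", "..\\..\\secret.txt",
               "C:\\win.ini", "study1.dcm%00.txt", "sub/../study1.dcm")
    results = {}
    with tempfile.TemporaryDirectory() as export:
        with open(os.path.join(export, "study1.dcm"), "wb") as f:
            f.write(b"DICM")  # constructed placeholder, not a real DICOM file
        for req in ("study1.dcm", "./study1.dcm") + hostile:
            try:
                results[req] = os.path.basename(resolve_download(export, req))
            except PathTraversalError as err:
                results[req] = f"rejected: {err}"
    return results
```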

MITRE ATT&CK Enterprise Techniques

T1005 Data from Local System (Collection): Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1083 File and Directory Discovery (Discovery): Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Path traversal (CVE-2025-2264) enables arbitrary file reads, supporting data collection from the local system (T1005) and file and directory discovery (T1083). Because Sante PACS Server is a public-facing application, its vulnerabilities facilitate initial access (T1190), including the buffer overflow CVE-2025-2263 with potential RCE.

MITRE ATLAS Techniques

AML.T0016: Obtain Capabilities
AML.T0024: Exfiltration via AI Inference API

NVD Description

A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed.

Deeper analysis

CVE-2025-2264 is a Path Traversal Information Disclosure vulnerability (CWE-22) in Sante PACS Server.exe. Published on 2025-03-13, the issue has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with no integrity or availability effects.

An unauthenticated remote attacker can exploit the vulnerability over the network with low complexity and no user interaction required. Successful exploitation allows the attacker to download arbitrary files from the disk drive where the Sante PACS Server.exe application is installed.

Mitigation details are available in the Tenable research advisory at https://www.tenable.com/security/research/tra-2025-08.

Details

CWE(s)

CWE-22 Path Traversal

Affected Products

Vendor: santesoft
Product: sante pacs server
Version: 4.1.0

CVEs Like This One

CVE-2025-0568: same product (Santesoft Sante Pacs Server)
CVE-2025-2263: same product (Santesoft Sante Pacs Server)
CVE-2025-0569: same product (Santesoft Sante Pacs Server)
CVE-2025-0574: same product (Santesoft Sante Pacs Server)
CVE-2026-30914: shared CWE-22
CVE-2025-60946: shared CWE-22
CVE-2024-57549: shared CWE-22
CVE-2026-6024: shared CWE-22
CVE-2025-67160: shared CWE-22
CVE-2026-22557: shared CWE-22

References

Tenable research advisory: https://www.tenable.com/security/research/tra-2025-08