CVE-2025-0568
📋 TL;DR
This vulnerability allows remote attackers to cause denial-of-service on Sante PACS Server by sending specially crafted DCM files. Authentication is not required, making any internet-facing installation vulnerable. The flaw exists in how the server parses DCM files, leading to memory corruption.
💻 Affected Systems
- Sante PACS Server
⚠️ Risk & Real-World Impact
Worst Case
Complete system crash requiring manual restart, potentially disrupting medical imaging workflows and patient care.
Likely Case
Service disruption affecting DCM file processing capabilities, requiring server restart to restore functionality.
If Mitigated
Minimal impact if the server is behind proper network segmentation and DCM file uploads are restricted to trusted sources.
🎯 Exploit Status
Exploitation requires crafting malicious DCM files, but no authentication is needed. ZDI has details; no public exploit is available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched version
Vendor Advisory: https://www.santesoft.com/security-advisories/ (check for specific advisory)
Restart Required: Yes
Instructions:
1. Check vendor advisory for patched version
2. Backup server configuration and data
3. Apply vendor-provided patch/update
4. Restart Sante PACS Server service
5. Verify functionality
🔧 Temporary Workarounds
Network Segmentation
- Restrict access to Sante PACS Server to trusted networks only
- Configure firewall rules to allow only trusted IPs/subnets to reach the PACS server ports
File Upload Restrictions
- Validate DCM files before the server processes them
- Place a proxy or WAF with DCM file validation rules in front of the server
🧯 If You Can't Patch
- Isolate Sante PACS Server in separate network segment with strict access controls
- Implement application-level firewall or WAF with DCM file inspection capabilities
🔍 How to Verify
Check if Vulnerable:
Check Sante PACS Server version against vendor advisory. If unpatched and processing DCM files, assume vulnerable.
Check Version:
Check the Sante PACS Server administration interface or installation directory for version information
Verify Fix Applied:
Verify patch installation via version check and test DCM file processing functionality
📡 Detection & Monitoring
Log Indicators:
- Unexpected server crashes or restarts
- Failed DCM file processing attempts
- Memory-related errors in application logs
Network Indicators:
- Multiple DCM file upload attempts from single source
- Unusual traffic patterns to PACS server DCM endpoints
SIEM Query:
source="sante-pacs" AND (event_type="crash" OR error_message="memory" OR "corruption")
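As an added illustration (not part of the original advisory and not vendor code), the Python below applies the log and network indicators listed above to constructed sample log lines: it flags memory-related errors, crashes/restarts, and bursts of failed DCM files from a single source. The log line format, field layout and the burst threshold are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample log lines (not real Sante PACS output; the format is an
# assumption made for this example). Fields: timestamp, source IP, message.
SAMPLE_LOGS = """\
2025-02-01T10:00:01 10.0.0.5 C-STORE received study.dcm, parsed OK
2025-02-01T10:00:02 10.0.0.9 C-STORE received img001.dcm, parse failed: invalid element length
2025-02-01T10:00:02 10.0.0.9 C-STORE received img002.dcm, parse failed: invalid element length
2025-02-01T10:00:03 10.0.0.9 C-STORE received img003.dcm, parse failed: invalid element length
2025-02-01T10:00:03 10.0.0.9 service crashed: access violation (memory corruption) in DCM parser
2025-02-01T10:00:30 10.0.0.9 service restarted by watchdog
2025-02-01T10:05:00 10.0.0.7 C-STORE received ct.dcm, parsed OK
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<msg>.*)$")

# Log indicators named in the advisory: crashes/restarts, failed DCM
# processing, memory-related errors.
CRASH_RE = re.compile(r"crash|restart", re.I)
DCM_FAIL_RE = re.compile(r"\.dcm.*(fail|error|invalid)", re.I)
MEMORY_RE = re.compile(r"memory|corruption|access violation", re.I)

def parse_line(line):
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def analyze(log_text, burst_threshold=3):
    """Return (kind, source_ip, detail) alerts for the advisory's indicators.
    burst_threshold: failed DCM files from one source that count as a
    suspicious burst (the value is an assumption; tune it per site).
    """
    alerts = []
    dcm_by_src = Counter()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        msg = rec["msg"]
        if MEMORY_RE.search(msg):
            alerts.append(("memory_error", rec["src"], msg))
        elif CRASH_RE.search(msg):
            alerts.append(("crash_or_restart", rec["src"], msg))
        if DCM_FAIL_RE.search(msg):
            dcm_by_src[rec["src"]] += 1
    for src, n in dcm_by_src.items():
        if n >= burst_threshold:
            alerts.append(("dcm_failure_burst", src, f"{n} failed DCM files"))
    return alerts
```

On the constructed sample, the memory error, the watchdog restart and the three-file failure burst from 10.0.0.9 are reported, while the successful C-STORE lines from other sources are not.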