CVE-2025-0569
📋 TL;DR
This vulnerability allows remote attackers to cause a denial of service on Sante PACS Server by sending specially crafted DCM files. The memory corruption occurs during DCM file parsing and requires no authentication. Healthcare organizations using Sante PACS Server for medical imaging are affected.
💻 Affected Systems
- Sante PACS Server
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete system crash requiring manual restart, potentially disrupting medical imaging workflows and patient care
Likely Case
Service disruption affecting DCM file processing capabilities, requiring system restart
If Mitigated
Minimal impact with proper network segmentation and file upload restrictions
🎯 Exploit Status
Exploitation requires crafting malicious DCM files, but no authentication is needed. The ZDI-CAN-25303 identifier indicates that a proof of concept exists under controlled (coordinated) disclosure.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Sante vendor advisory for specific patched version
Vendor Advisory: https://www.santesoft.com/security-advisories/ (check for CVE-2025-0569)
Restart Required: Yes
Instructions:
1. Contact Sante support for patch availability
2. Backup server configuration and data
3. Apply vendor-provided patch during maintenance window
4. Restart Sante PACS Server services
5. Verify DCM file processing functionality
🔧 Temporary Workarounds
Restrict DCM File Sources
Configure firewall rules to only allow DICOM (DCM file) traffic from trusted medical imaging sources:

```powershell
# Example Windows Firewall rule: allow inbound DICOM traffic (TCP 104) only from the trusted imaging subnet.
# 192.0.2.0/24 is a placeholder; replace it with your modality/workstation addresses or ranges.
# With the default inbound policy of Block and no broader rule for port 104, all other sources are dropped.
New-NetFirewallRule -DisplayName "Restrict DICOM Sources" -Direction Inbound -Protocol TCP -LocalPort 104 -RemoteAddress 192.0.2.0/24 -Action Allow
```
🧯 If You Can't Patch
- Implement network segmentation to isolate PACS server from untrusted networks
- Deploy web application firewall with DCM file inspection capabilities
🔍 How to Verify
Check if Vulnerable:
Compare the installed Sante PACS Server version against the vendor advisory. If possible, test with a controlled DCM file upload in a lab environment.
Check Version:
Check Sante PACS Server administration interface or consult vendor documentation for version command
Verify Fix Applied:
Verify patch installation via version check and test DCM file processing with sample medical images
📡 Detection & Monitoring
Log Indicators:
- Multiple failed DCM file processing attempts
- Service crash logs mentioning DCM parsing
- Unusual DCM file upload patterns
Network Indicators:
- DICOM protocol traffic (typically TCP port 104) from unexpected sources
- Large or malformed DCM file transfers
SIEM Query (Splunk-style search; the wildcards make the error-message clauses substring matches rather than exact matches):

```
source="pacs_server" AND (event_type="service_crash" OR error_message="*DCM*" OR error_message="*memory*")
```
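The following is an added example (not part of the original advisory and not Sante's own tooling) that applies the log and network indicators above to a handful of log lines. The log format, the source addresses, the trusted subnet and the failure threshold are all constructed assumptions for the example; Sante PACS Server's real log format is not documented on this page, so the regular expressions would need adapting to it.

```python
"""Added example: scan PACS-style log lines for the indicators listed above.

Assumptions (not from the advisory): a 'timestamp level event key=value ...'
log format, a trusted imaging subnet of 10.0.10.0/24, and an alert threshold
of 3 failed parses from one source within the scanned window.
"""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample log lines; not real Sante PACS Server output.
SAMPLE_LOG = """\
2025-03-01T10:00:01 INFO  dcm_parse src=10.0.10.5 file=study001.dcm status=ok
2025-03-01T10:00:02 ERROR dcm_parse src=203.0.113.7 file=a.dcm status=failed reason=truncated_element
2025-03-01T10:00:03 ERROR dcm_parse src=203.0.113.7 file=b.dcm status=failed reason=bad_length
2025-03-01T10:00:04 ERROR dcm_parse src=203.0.113.7 file=c.dcm status=failed reason=memory_access_violation
2025-03-01T10:00:05 FATAL service_crash component=dcm_parser msg=unhandled_exception_during_DCM_parsing
2025-03-01T10:00:09 INFO  dcm_parse src=10.0.10.6 file=study002.dcm status=ok
"""

# Assumed trusted imaging subnet (placeholder documentation range semantics).
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.10.0/24")]
FAIL_THRESHOLD = 3  # assumed: repeated failures from one source that warrant an alert

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<level>\w+)\s+(?P<event>\w+)\s+(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")  # values in the constructed format contain no spaces


@dataclass
class Findings:
    crashes: list = field(default_factory=list)         # service crashes mentioning DCM parsing
    memory_errors: list = field(default_factory=list)   # lines mentioning memory errors
    failed_by_src: Counter = field(default_factory=Counter)  # failed DCM parses per source
    noisy_sources: list = field(default_factory=list)   # sources at/above FAIL_THRESHOLD
    unexpected_sources: list = field(default_factory=list)  # sources outside trusted networks


def is_trusted(src: str) -> bool:
    """Return True when src parses as an IP inside one of the trusted networks."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETWORKS)


def analyze(log_text: str, threshold: int = FAIL_THRESHOLD) -> Findings:
    """Apply the advisory's log and network indicators to the given log text."""
    f = Findings()
    seen_sources = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; a production scanner would count these too
        event, rest = m["event"], m["rest"]
        fields = dict(KV_RE.findall(rest))
        lower = line.lower()

        # Log indicator: service crash logs mentioning DCM parsing.
        if event == "service_crash" and "dcm" in lower:
            f.crashes.append(line)
        # Log indicator: memory-related errors during processing.
        if "memory" in lower:
            f.memory_errors.append(line)
        # Log indicator: repeated failed DCM processing attempts per source.
        if event == "dcm_parse" and fields.get("status") == "failed":
            f.failed_by_src[fields.get("src", "unknown")] += 1
        # Network indicator: DICOM traffic from a source outside the trusted networks.
        src = fields.get("src")
        if src and src not in seen_sources:
            seen_sources.add(src)
            if not is_trusted(src):
                f.unexpected_sources.append(src)

    f.noisy_sources = sorted(s for s, n in f.failed_by_src.items() if n >= threshold)
    return f


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    print("DCM-related crashes:", len(result.crashes))
    print("memory errors:", len(result.memory_errors))
    print("noisy sources:", result.noisy_sources)
    print("unexpected sources:", result.unexpected_sources)
```

On the constructed sample the scanner reports one DCM-related crash, one memory error, and flags 203.0.113.7 both as a source outside the trusted subnet and as one that failed three parses in a row; the INFO lines from the trusted subnet raise nothing. The per-source threshold and the trusted-network list are the two knobs to tune against real traffic from modalities and workstations.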