CVE-2025-0570

6.5 MEDIUM

📋 TL;DR

This vulnerability allows authenticated remote attackers to cause denial-of-service conditions on Sante PACS Server installations by sending specially crafted DCM files. The memory corruption occurs during DCM file parsing due to insufficient input validation. Healthcare organizations using Sante PACS Server Web Portal are affected.

💻 Affected Systems

Products:
  • Sante PACS Server Web Portal
Versions: Specific versions not disclosed in advisory; check vendor advisory for details
Operating Systems: Windows (presumed based on typical PACS deployments)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authentication to exploit; affects the DCM file parsing component of the web portal.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system crash requiring manual intervention to restore service, potentially disrupting medical imaging workflows and patient care.

🟠 Likely Case: Service disruption affecting the PACS web portal functionality, requiring system restart to recover normal operations.

🟢 If Mitigated: Minimal impact with proper authentication controls and input validation in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Authentication required; attacker needs valid credentials and ability to upload DCM files to the portal.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched version

Vendor Advisory: https://www.santesoft.com/security-advisories/ (check for specific advisory)

Restart Required: Yes

Instructions:

1. Check vendor advisory for specific patch version
2. Download patch from Sante support portal
3. Apply patch following vendor instructions
4. Restart Sante PACS Server services

🔧 Temporary Workarounds

Restrict DCM file uploads (applies to: all): Limit DCM file uploads to trusted sources only through network controls.

Strengthen authentication (applies to: all): Implement multi-factor authentication and strong password policies.

🧯 If You Can't Patch

  • Implement strict access controls to limit who can upload DCM files to the portal
  • Deploy network segmentation to isolate PACS server from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Check Sante PACS Server version against vendor advisory; test with controlled DCM file upload if possible

Check Version:

Check Sante PACS Server administration interface or configuration files for version information

Verify Fix Applied:

Verify patch installation via version check and test DCM file upload functionality

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed DCM file upload attempts
  • Service crash/restart events in application logs
  • Unusual DCM file upload patterns

Network Indicators:

  • Unusual DCM file upload traffic patterns
  • Multiple authentication attempts followed by DCM uploads

SIEM Query:

source="sante-pacs" AND (event="service_crash" OR event="dcm_upload_error")
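As an added example, not part of this advisory, the following Python script applies the log indicators above to a few constructed sample log lines: it reports DCM uploads that arrived shortly before a service crash (the files to quarantine and examine) and counts parser rejections per client. Only "source" and "event" come from the SIEM query; the "ts", "user", "client" and "file" fields and the JSON line format are assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines, not real Sante PACS output. "source" and "event"
# follow the SIEM query above; "ts", "user", "client" and "file" are assumed fields.
SAMPLE_LOGS = [
    '{"ts":"2025-01-10T09:00:01","source":"sante-pacs","event":"dcm_upload","user":"tech01","client":"10.0.5.20","file":"ct_001.dcm"}',
    '{"ts":"2025-01-10T09:00:04","source":"sante-pacs","event":"dcm_upload","user":"tech01","client":"10.0.5.20","file":"ct_002.dcm"}',
    '{"ts":"2025-01-10T09:12:50","source":"sante-pacs","event":"dcm_upload_error","user":"rad02","client":"203.0.113.7","file":"x.dcm"}',
    '{"ts":"2025-01-10T09:12:55","source":"sante-pacs","event":"dcm_upload","user":"rad02","client":"203.0.113.7","file":"y.dcm"}',
    '{"ts":"2025-01-10T09:13:02","source":"sante-pacs","event":"service_crash","service":"web_portal"}',
    '{"ts":"2025-01-10T09:13:40","source":"sante-pacs","event":"service_restart","service":"web_portal"}',
]

def parse(lines):
    """Decode JSON log lines and return them ordered by timestamp."""
    events = []
    for line in lines:
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        events.append(rec)
    return sorted(events, key=lambda r: r["ts"])

def uploads_preceding_crash(events, window_s=60):
    """For each service_crash, list DCM uploads seen within window_s seconds before it.
    The last files the parser accepted before a crash are the ones to quarantine;
    uploads well before the crash (tech01 in the sample) are not reported."""
    window = timedelta(seconds=window_s)
    hits = []
    for ev in events:
        if ev["event"] != "service_crash":
            continue
        for up in events:
            if up["event"] in ("dcm_upload", "dcm_upload_error") and ev["ts"] - window <= up["ts"] < ev["ts"]:
                hits.append((up["user"], up["client"], up["file"], ev["ts"].isoformat()))
    return hits

def upload_errors_by_client(events):
    """Count dcm_upload_error per client: repeated parser rejections from one
    address are the 'multiple failed DCM file upload attempts' indicator."""
    counts = defaultdict(int)
    for ev in events:
        if ev["event"] == "dcm_upload_error":
            counts[ev["client"]] += 1
    return dict(counts)

if __name__ == "__main__":
    evs = parse(SAMPLE_LOGS)
    print(uploads_preceding_crash(evs), upload_errors_by_client(evs))
```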
