CVE-2025-0572
📋 TL;DR
This vulnerability allows authenticated remote attackers to write arbitrary files to the Sante PACS Server filesystem via directory traversal in DCM file parsing. Attackers can create files anywhere the web server process has write permissions. Only installations of Sante PACS Server with the vulnerable component are affected.
💻 Affected Systems
- Sante PACS Server
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise through web shell deployment, privilege escalation, or data destruction if attacker gains authenticated access and writes malicious files to critical locations.
Likely Case
Unauthorized file creation leading to web shell installation, data manipulation, or denial of service through file system corruption.
If Mitigated
Limited impact if file system permissions restrict write access to non-critical directories and proper authentication controls are in place.
🎯 Exploit Status
Authentication required; exploitation involves crafting malicious DCM files with directory traversal sequences.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched version
Vendor Advisory: https://www.santesoft.com/security-advisories
Restart Required: Yes
Instructions:
1. Check current Sante PACS Server version
2. Download and apply vendor-provided patch
3. Restart Sante PACS Server services
4. Verify patch application
🔧 Temporary Workarounds
Restrict DCM file uploads
- Temporarily disable or restrict the DCM file upload functionality in the web portal
- Configure the web portal to reject DCM file uploads
Implement strict file system permissions
- Restrict the web server process's write permissions to the minimal required directories
- chmod 755 /var/www/html (Linux)
- icacls C:\webroot /deny IUSR:(OI)(CI)W (Windows)
Note that chmod 755 removes write access only for group and other, not for the directory owner, so the web server process must not own directories it is not meant to write to; the paths above are placeholders and should be replaced with the actual web root and service account of the installation.
🧯 If You Can't Patch
- Implement network segmentation to isolate Sante PACS Server from critical systems
- Enforce strong authentication policies and monitor for suspicious authenticated sessions
🔍 How to Verify
Check if Vulnerable:
Check whether the installed Sante PACS Server version falls within the affected range in the vendor advisory; test with a controlled DCM file containing traversal sequences in an isolated environment
Check Version:
Check Sante PACS Server administration interface or installation directory for version information
Verify Fix Applied:
Verify patched version is installed; test that DCM files with traversal sequences are properly rejected
📡 Detection & Monitoring
Log Indicators:
- Unusual DCM file upload patterns
- File write operations to unexpected directories
- Authentication logs showing suspicious user activity
Network Indicators:
- HTTP POST requests with DCM files containing path traversal sequences
- Unusual outbound connections from web server
SIEM Query:
source="web_logs" AND (uri="*.dcm" OR method="POST") AND (message="..\\" OR message="../")
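The SIEM query above can be reproduced as an offline detection pass over web access logs. The following is an added example, not code from this page or from the vendor; the log line layout and the sample log entries are constructed assumptions, and it goes slightly beyond the query by also catching percent-encoded and double-encoded traversal sequences.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in a simplified layout:
# client, method, URI, HTTP status. The layout is an assumption for this example.
SAMPLE_LOG = """\
10.0.0.5 POST /upload?file=study01.dcm 200
10.0.0.7 POST /upload?file=..%2F..%2Fwebroot%2Fshell.dcm 200
10.0.0.9 POST /upload?file=..\\..\\inetpub\\wwwroot\\x.dcm 200
10.0.0.11 POST /upload?file=%252e%252e%252fetc%252fx.dcm 200
10.0.0.5 GET /viewer/image.dcm 200
10.0.0.8 POST /upload?file=report.pdf 200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")
# Traversal markers: "../" or "..\" after decoding.
TRAVERSAL_RE = re.compile(r"\.\.(?:/|\\)")


def decode_fully(s: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded sequences (%252e) are caught."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def has_traversal(uri: str) -> bool:
    """True if the decoded URI contains a directory traversal sequence."""
    return bool(TRAVERSAL_RE.search(decode_fully(uri)))


def find_suspicious_uploads(log_text: str) -> list[dict]:
    """Return POST entries that upload a .dcm file with a traversal sequence."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, method, uri, status = m.groups()
        is_dcm = ".dcm" in decode_fully(uri).lower()
        if method == "POST" and is_dcm and has_traversal(uri):
            hits.append({"client": client, "uri": uri, "status": int(status)})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_uploads(SAMPLE_LOG):
        print(f"ALERT traversal in DCM upload from {hit['client']}: {hit['uri']}")
```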