CVE-2025-2480

7.8 HIGH

📋 TL;DR

Santesoft Sante DICOM Viewer Pro contains an out-of-bounds write vulnerability that allows local attackers to execute arbitrary code by tricking users into opening malicious DCM files. This affects healthcare organizations and medical imaging professionals using this software for viewing medical images. The vulnerability requires user interaction but can lead to complete system compromise.

💻 Affected Systems

Products:
  • Santesoft Sante DICOM Viewer Pro
Versions: All versions prior to the patched release
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default installation when processing DCM files. Requires user to open malicious file.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system takeover with administrative privileges, data theft, ransomware deployment, and lateral movement within healthcare networks.

🟠 Likely Case: Local privilege escalation leading to data exfiltration of sensitive medical images and patient information, or installation of persistent malware.

🟢 If Mitigated: Limited impact due to application sandboxing, restricted user privileges, and network segmentation preventing lateral movement.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires social engineering to get a user to open a malicious DCM file. No authentication is needed once the file is opened.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific version

Vendor Advisory: https://santesoft.com/win/sante-dicom-viewer-pro/download.html

Restart Required: No

Instructions:

1. Visit the Santesoft website
2. Download the latest version
3. Install the update
4. Verify the installation

🔧 Temporary Workarounds

  • Restrict DCM file handling (Windows): Configure the system to open DCM files with alternative, secure software
  • User awareness training (all): Train users to only open DCM files from trusted sources

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized code execution
  • Run software with least privilege user accounts, not administrative rights

🔍 How to Verify

Check if Vulnerable:

Check software version against vendor advisory. If using any version before the patched release, system is vulnerable.

Check Version:

Open Sante DICOM Viewer Pro → Help → About to view version

Verify Fix Applied:

Verify software version matches or exceeds patched version specified in vendor advisory.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when opening DCM files
  • Unusual process spawning from Sante DICOM Viewer

Network Indicators:

  • Outbound connections from Sante DICOM Viewer to unknown IPs
  • Unusual data exfiltration patterns

SIEM Query:

Process: 'SanteDICOMViewer.exe' AND (EventID: 1000 OR EventID: 1001) OR Network: SourceIP contains workstation AND DestinationIP not in allowed_medical_servers
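The first log indicator above (application crashes when opening DCM files) can be checked on an endpoint with the following PowerShell script. This is an added example, not part of the advisory or vendor material; it assumes the executable name 'SanteDICOMViewer.exe' from the SIEM query above, which may differ on an actual installation, and Windows Application log Event IDs 1000 (Application Error) and 1001 (Windows Error Reporting).

```powershell
# Added example: hunt the Windows Application log for crashes of the DICOM
# viewer, one of the log indicators listed for this CVE.
# Assumption: the executable is named SanteDICOMViewer.exe (taken from the
# SIEM query above); adjust $ViewerExe to the name on your installation.
param(
    [string]$ViewerExe = 'SanteDICOMViewer.exe',
    [int]$LookbackDays = 30
)

$since = (Get-Date).AddDays(-$LookbackDays)

# Event 1000 = Application Error (includes faulting module), 1001 = Windows Error Reporting
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Application'
    Id        = 1000, 1001
    StartTime = $since
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($ViewerExe) }

if (-not $events) {
    Write-Output "No crash events for $ViewerExe since $since"
    return
}

# One row per crash; for event 1000 pull the faulting module name out of the
# message body so repeated crashes in the same module stand out
$events | ForEach-Object {
    $module = ''
    if ($_.Id -eq 1000 -and $_.Message -match 'Faulting module name:\s*(\S+)') {
        $module = $Matches[1]
    }
    [pscustomobject]@{
        Time    = $_.TimeCreated
        EventId = $_.Id
        Module  = $module
        Summary = ($_.Message -split "`n")[0].Trim()
    }
} | Sort-Object Time -Descending | Format-Table -AutoSize
```

A cluster of crashes around the time a user opened a specific DCM file is the point to correlate with file-access auditing and with the process-spawning indicator above.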
