CVE-2025-54759

6.1 MEDIUM

📋 TL;DR

Sante PACS Server contains a stored cross-site scripting vulnerability that allows attackers to inject malicious HTML code. When exploited, this can redirect users to malicious websites and steal session cookies. Healthcare organizations using vulnerable Sante PACS Server versions are affected.

💻 Affected Systems

Products:
  • Sante PACS Server
Versions: Specific versions not detailed in advisory; check vendor advisory for exact affected versions
Operating Systems: Windows, Linux (if applicable)
Default Config Vulnerable: ⚠️ Yes
Notes: Medical imaging systems in healthcare environments; requires user interaction to trigger the stored XSS payload.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of user sessions leading to unauthorized access to medical imaging data, potential data theft, and lateral movement within healthcare networks.

🟠

Likely Case

Session hijacking allowing attackers to impersonate legitimate users, potentially accessing patient medical records and sensitive healthcare data.

🟢

If Mitigated

Limited impact with proper input validation and output encoding, potentially only affecting specific user interfaces.

🌐 Internet-Facing: HIGH - If exposed to the internet, attackers can target healthcare organizations globally to steal medical data.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this to escalate privileges and access sensitive medical data.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to inject malicious HTML into the application, which then executes when other users view the compromised content.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched version

Vendor Advisory: https://www.santesoft.com/security-advisories (example - actual URL may differ)

Restart Required: No

Instructions:

1. Contact SanteSoft for the security patch.
2. Apply the patch according to vendor instructions.
3. Test the patch in a non-production environment first.
4. Deploy to production systems during maintenance windows.

🔧 Temporary Workarounds

Input Validation and Output Encoding (applies to: all)

Implement strict input validation and proper output encoding for all user-supplied content

Content Security Policy (applies to: web)

Implement Content Security Policy headers to restrict script execution

Add 'Content-Security-Policy' header with appropriate directives

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block XSS payloads
  • Restrict user permissions to minimize injection opportunities and implement session timeout policies

🔍 How to Verify

Check if Vulnerable:

Test for XSS by attempting to inject HTML/JavaScript payloads into user-controllable fields and observing whether they execute

Check Version:

Check Sante PACS Server administration interface or configuration files for version information

Verify Fix Applied:

Retest XSS injection attempts after patching; payloads should be properly sanitized and not execute

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTML/JavaScript patterns in user input logs
  • Multiple failed login attempts from new locations after XSS execution

Network Indicators:

  • Outbound connections to suspicious domains following legitimate user sessions
  • Unexpected redirects in HTTP traffic

SIEM Query:

source="web_logs" AND (message="*<script>*" OR message="*javascript:*" OR message="*onload=*" OR message="*onerror=*")
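As an added example (not from the advisory or the vendor), the same four indicators as the SIEM query above applied to constructed sample log lines in Python. It assumes a one-request-per-line log format; it normalizes each line (URL-decoding, lowercasing, stripping whitespace and control characters) so percent-encoded or mixed-case variants that a plain wildcard match would miss are still flagged, and it broadens `<script>` to `<script` so `<script src=...>` is also caught.

```python
import re
from urllib.parse import unquote

# Indicator set from the SIEM query on this page ("<script>" broadened to "<script").
INDICATORS = ("<script", "javascript:", "onload=", "onerror=")

# Constructed sample log lines (not real Sante PACS Server logs).
SAMPLE_LOGS = [
    'src=10.0.0.5 POST /comment body="Patient note: follow up next week"',
    'src=10.0.0.9 POST /comment body="<script>alert(1)</script>"',
    'src=10.0.0.9 POST /comment body="%3Cimg%20src%3Dx%20OnError%3Dalert(1)%3E"',
    'src=10.0.0.12 POST /comment body="<a href=\\"java%0Ascript:void(0)\\">x</a>"',
    'src=10.0.0.5 GET /study?id=42 body=""',
]


def normalize(line: str) -> str:
    """URL-decode until stable (bounded), lowercase, drop whitespace/control chars."""
    decoded = line
    for _ in range(3):  # bounded so a pathological input cannot loop forever
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    decoded = decoded.lower()
    # Whitespace and control characters inside "java\nscript:" or "<script >"
    # would otherwise defeat a plain substring match.
    return re.sub(r"[\s\x00-\x1f]", "", decoded)


def find_xss_indicators(lines):
    """Return (line_number, indicator) for each line containing an XSS indicator.

    Only the first matching indicator per line is reported.
    """
    hits = []
    for n, line in enumerate(lines, start=1):
        text = normalize(line)
        for ind in INDICATORS:
            if ind in text:
                hits.append((n, ind))
                break
    return hits


if __name__ == "__main__":
    for n, ind in find_xss_indicators(SAMPLE_LOGS):
        print(f"line {n}: matched {ind!r}")
```

Lines 2, 3 and 4 of the sample are flagged; the naive SIEM query would have missed the percent-encoded and newline-split variants on lines 3 and 4.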

🔗 References