CVE-2025-54862

5.4 MEDIUM

📋 TL;DR

Sante PACS Server web portal contains a stored cross-site scripting vulnerability that allows attackers to inject malicious HTML. When exploited, this can redirect users to malicious websites and steal session cookies. Healthcare organizations using vulnerable Sante PACS Server versions are affected.

💻 Affected Systems

Products:
  • Sante PACS Server
Versions: Specific versions not detailed in advisory; check vendor advisory for exact affected versions
Operating Systems: Windows, Linux (if applicable)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web portal component of Sante PACS Server; medical imaging systems storing patient data are particularly sensitive targets.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal administrator session cookies, gain full system access, compromise patient data, and potentially pivot to other hospital systems.

🟠 Likely Case

Attackers steal user session cookies to access patient records, modify data, or perform unauthorized actions within the PACS system.

🟢 If Mitigated

Limited impact with proper input validation and output encoding, though some user inconvenience from malicious redirects may still occur.

🌐 Internet-Facing: HIGH - Web portals exposed to internet are directly accessible to attackers without network perimeter controls.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this to escalate privileges or move laterally.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires attacker to have access to inject malicious HTML into the web portal; stored XSS means payload persists and affects multiple users.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched version

Vendor Advisory: https://www.santesoft.com/security (example - actual URL should be verified)

Restart Required: No

Instructions:

1. Contact Sante support for patch availability
2. Apply vendor-provided security update
3. Test in non-production environment first
4. Deploy to production systems during maintenance window

🔧 Temporary Workarounds

Implement Web Application Firewall (all)

Deploy WAF with XSS protection rules to block malicious HTML injection attempts

Content Security Policy (web)

Implement strict CSP headers to prevent execution of unauthorized scripts:

Content-Security-Policy: default-src 'self'; script-src 'self'

Because this policy omits 'unsafe-inline', it also blocks inline <script> blocks and event-handler attributes, which is what neutralizes an injected payload; test it in a non-production environment first, since a portal that relies on inline scripts will stop working under it.

🧯 If You Can't Patch

  • Isolate Sante PACS Server behind network segmentation with strict access controls
  • Implement additional authentication layers and session management controls

🔍 How to Verify

Check if Vulnerable:

Review the web portal for input fields whose values are rendered back without escaping; test them with a harmless payload such as <script>alert('test')</script> and check whether it is rendered verbatim rather than encoded

Check Version:

Check the version shown in the Sante PACS Server administration panel, or consult vendor documentation for the version command

Verify Fix Applied:

Verify patch installation via version check; retest XSS payloads to confirm they are properly sanitized

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTML/script tags in user input logs
  • Multiple redirects to external domains
  • Suspicious cookie access patterns

Network Indicators:

  • Outbound connections to unknown domains following portal access
  • Unusual traffic patterns from PACS web server

SIEM Query:

source="pacs-web.log" AND ("<script>" OR "javascript:" OR "onload=" OR "onerror=")
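The same four markers as the SIEM query above, implemented in Python over constructed log lines, as an added example that is not part of the advisory or of the vendor's tooling. It goes one step beyond the literal query by URL-decoding (twice, for double encoding) and entity-decoding each line and matching case-insensitively, so payloads such as %3Cscript%3E, &lt;script&gt; or <SCRIPT> are caught as well; the log format and IP addresses are assumptions.

```python
import re
from collections import Counter
from html import unescape
from urllib.parse import unquote_plus

# Constructed sample access-log lines for a hypothetical PACS web portal (not real Sante logs).
# Assumed format: timestamp source_ip method path[?query | body=...] status
SAMPLE_LOG = [
    "2025-01-01T10:00:00Z 10.0.0.5 GET /portal/study?id=12345 200",
    "2025-01-01T10:00:05Z 10.0.0.7 POST /portal/comment body=Great+image+quality 200",
    "2025-01-01T10:01:00Z 10.0.0.9 POST /portal/comment body=%3Cscript%3Ealert(1)%3C/script%3E 200",
    "2025-01-01T10:01:30Z 10.0.0.9 POST /portal/comment body=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E 200",
    "2025-01-01T10:02:00Z 10.0.0.11 POST /portal/comment body=%26lt%3Bscript%26gt%3Balert(1) 200",
    "2025-01-01T10:02:30Z 10.0.0.11 POST /portal/comment body=%253Cscript%253Ealert(1) 200",
    "2025-01-01T10:03:00Z 10.0.0.12 GET /portal/help?q=learning+javascript+basics 200",
]

# The four markers from the SIEM query, case-insensitive and tolerant of whitespace.
XSS_MARKERS = re.compile(r"<\s*script|javascript:|on(?:load|error)\s*=", re.IGNORECASE)


def normalize(text: str) -> str:
    """URL-decode twice (catches double encoding), then decode HTML entities,
    so %3Cscript%3E, %253Cscript%253E and &lt;script&gt; all become <script>."""
    for _ in range(2):
        text = unquote_plus(text)
    return unescape(text)


def scan_lines(lines):
    """Return (line_index, source_ip, matched_marker) for each suspicious line."""
    hits = []
    for idx, line in enumerate(lines):
        match = XSS_MARKERS.search(normalize(line))
        if match:
            fields = line.split()
            hits.append((idx, fields[1] if len(fields) > 1 else "?", match.group(0)))
    return hits


def count_by_source(hits):
    """Suspicious requests per source IP; repeats from one address are a stronger signal."""
    return Counter(src for _, src, _ in hits)


if __name__ == "__main__":
    found = scan_lines(SAMPLE_LOG)
    for idx, src, marker in found:
        print(f"line {idx}: {src} matched {marker!r}")
    print(dict(count_by_source(found)))
```

The last sample line shows why the bare word "javascript" is not a marker on its own: only "javascript:" indicates a URL-scheme payload, so the line is not flagged.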
