CVE-2025-2264
published 2025-03-13CVE-2025-2264: A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download…
PriorityP182high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
38.66%
98.4th percentile
A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | cbl2_vim_9.0.0050-2_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_vim_9.0.0050-1_on_cbl_mariner_1.0 | — | — |
| santesoft | sante_pacs_server | — | — |
Detection & IOCsextracted from sources · hover to see the quote
yara↗
contains_all(body, 'SQLite','TABLE USER','format') AND status_code == 200
- →Detect path traversal attempts targeting the /assets/ prefix followed by ../ sequences in HTTP requests to port 3000 on Sante PACS Server. ↗
- →Flag HTTP responses containing 'SQLite', 'TABLE USER', and 'format' strings together with HTTP 200 status — this indicates successful exfiltration of the HTTP.db credential database. ↗
- →Monitor for unauthenticated GET requests to Sante PACS Server (port 3000) containing '/../' or '%2F..%2F' sequences, especially targeting .HTTP/HTTP.db. ↗
- →Use Shodan favicon hash 1185161484 to identify internet-exposed Sante PACS Server instances for proactive asset discovery. ↗
- →A Metasploit auxiliary module (gather/pacsserver_traversal) exists for this CVE and can be used to test for exploitation attempts in logs. ↗
- ·The path traversal bypass relies on the /assets/ prefix passing the sanity check — the server only validates that the URL contains '/assets/' or a valid extension (.js, .css), not that the resolved path stays within the OHIFViewer directory. ↗
- ·File retrieval is limited to the disk drive where the application is installed; arbitrary files on that drive are accessible without authentication. ↗
- ·The static resource root is C:\Sante Server DB\.OHIFViewer\; traversal sequences escape this directory to reach arbitrary paths on the same drive. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck7.5HIGH
vendor_msrc7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xrc3-9jj6-mqcm: A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server
ghsa_unreviewed·2025-03-13
CVE-2025-2264 [HIGH] CWE-22 GHSA-xrc3-9jj6-mqcm: A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server
A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed.
VulnCheck
santesoft sante_pacs_server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck·2025·CVSS 7.5
CVE-2025-2264 [HIGH] santesoft sante_pacs_server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
santesoft sante_pacs_server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed.
Affected: santesoft sante_pacs_server
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer/CVE-2025-2264; https://viz.greynoise.io/tags/sante-pacs-server-unauthenticated-path-traversal-cve-2025-2264-attempt?days=1; https://api.vulncheck.com/v3/index/vulncheck-canaries?cve=CVE-2025-2264&date=2025-1
Microsoft
Heap-based Buffer Overflow in vim/vim
vendor_msrc·2022-07-12·CVSS 7.8
CVE-2022-2264 [HIGH] CWE-122 Heap-based Buffer Overflow in vim/vim
Heap-based Buffer Overflow in vim/vim
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
@huntrdev: @huntrdev
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft
No detection rules found.
Nuclei
Sante PACS Server.exe - Path Traversal Information Disclosure
nuclei·CVSS 7.5
CVE-2025-2264 [HIGH] Sante PACS Server.exe - Path Traversal Information Disclosure
Sante PACS Server.exe - Path Traversal Information Disclosure
A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed.
Template:
id: CVE-2025-2264
info:
name: Sante PACS Server.exe - Path Traversal Information Disclosure
author: DhiyaneshDK
severity: high
description: |
A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed.
impact: |
Unauthenticated attackers can exploit path traversal to download arbitrary files from the server, potentially exposing sensitive p
Metasploit
Sante PACS Server Path Traversal (CVE-2025-2264)
metasploit·CVSS 7.5
CVE-2025-2264 [HIGH] Sante PACS Server Path Traversal (CVE-2025-2264)
Sante PACS Server Path Traversal (CVE-2025-2264)
This module exploits a path traversal vulnerability (CVE-2025-2264) in Sante PACS Server <= v4.1.0 to retrieve arbitrary files from the system.
Tenable
Multiple Vulnerabilities in Sante PACS Server
blogs_tenable·2025-03-13
Multiple Vulnerabilities in Sante PACS Server
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Greynoiseio
NoiseLetter August 2025
blogs_greynoiseio
NoiseLetter August 2025
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
Bugzilla
CVE-2025-40135 kernel: ipv6: use RCU in ip6_xmit()
bugzilla·2025-11-12
CVE-2025-40135 [MEDIUM] CVE-2025-40135 kernel: ipv6: use RCU in ip6_xmit()
CVE-2025-40135 kernel: ipv6: use RCU in ip6_xmit()
In the Linux kernel, the following vulnerability has been resolved:
ipv6: use RCU in ip6_xmit()
Use RCU in ip6_xmit() in order to use dst_dev_rcu() to prevent
possible UAF.
Discussion:
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025111255-CVE-2025-40135-67ca@gregkh/T
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 10
Via RHSA-2026:1690 https://access.redhat.com/errata/RHSA-2026:1690
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2026:2212 https://access.redhat.com/errata/RHSA-2026:2212
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2026:2264 https://access.redhat.com/e
Bugzilla
CVE-2025-38403 kernel: vsock/vmci: Clear the vmci transport packet properly when initializing it
bugzilla·2025-07-25·CVSS 7.8
CVE-2025-38403 [HIGH] CVE-2025-38403 kernel: vsock/vmci: Clear the vmci transport packet properly when initializing it
CVE-2025-38403 kernel: vsock/vmci: Clear the vmci transport packet properly when initializing it
In the Linux kernel, the following vulnerability has been resolved:
vsock/vmci: Clear the vmci transport packet properly when initializing it
In vmci_transport_packet_init memset the vmci_transport_packet before
populating the fields to avoid any uninitialised data being left in the
structure.
Discussion:
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025072504-CVE-2025-38403-0da0@gregkh/T
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2026:2212 https://access.redhat.com/errata/RHSA-2026:2212
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2026:2264 https://access.redh
2025-03-13
Published
Exploited in the wild