CVE-2025-0571 in PACS Server

Summary

by MITRE • 01/30/2025

Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability.

The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-25305.

Analysis

by VulDB Data Team • 01/31/2025

The vulnerability identified as CVE-2025-0571 represents a critical memory corruption flaw within the Sante PACS Server Web Portal component that specifically affects the parsing of DCM files. This issue resides in the server's handling of medical imaging file formats, where DCM files are processed as part of the Picture Archiving and Communication System functionality. The vulnerability stems from insufficient input validation mechanisms that fail to properly sanitize user-supplied data during the parsing process. According to CWE-129, this weakness falls under improper validation of input boundaries, where the application does not adequately verify the integrity and size constraints of incoming DCM file data before processing. The memory corruption occurs when malformed or specially crafted DCM files are submitted through the web portal interface, potentially leading to arbitrary memory access violations that can crash the application or cause system instability.

The operational impact of this vulnerability extends beyond simple service disruption, as it enables authenticated remote attackers to systematically destabilize the PACS server infrastructure. This creates a significant risk for healthcare organizations that rely on continuous availability of medical imaging systems for diagnostic workflows and patient care operations. The requirement for authentication adds a layer of complexity to exploitation but does not eliminate the threat, as compromised credentials or insider threats could still leverage this vulnerability. From an ATT&CK framework perspective, this vulnerability maps to T1499.004 (Authorization Token Manipulation) and T1499.001 (Authorization Token Manipulation) when considering credential compromise scenarios, while also aligning with T1566.001 (Phishing) if attackers gain initial access through social engineering. The denial-of-service condition can result in complete system unavailability, potentially disrupting critical medical imaging services and patient diagnostic procedures that depend on the PACS infrastructure.

Mitigation strategies for this vulnerability should encompass multiple layers of defense to protect against both current exploitation attempts and potential future variants. Organizations should implement immediate patch management procedures to address the specific memory corruption issue within the DCM file parsing module, ensuring that all affected Sante PACS Server installations receive the necessary security updates. Network segmentation and access controls should be strengthened to limit the attack surface, particularly restricting direct web portal access to authorized personnel only. Input validation mechanisms should be enhanced to include comprehensive boundary checks and data sanitization routines that prevent malformed DCM files from reaching the vulnerable parsing components. Additionally, monitoring and logging systems should be configured to detect unusual file upload patterns or abnormal processing behavior that could indicate exploitation attempts. The implementation of application-level firewalls and intrusion detection systems can provide additional protection by identifying and blocking suspicious DCM file content patterns that are characteristic of this vulnerability class. Regular security assessments and penetration testing should be conducted to verify the effectiveness of implemented controls and identify potential additional attack vectors within the PACS environment.
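The boundary checks recommended above can be enforced on the upload path, before a file reaches the DCM parser. The following is an added example, not vendor code and not a reproduction of the flaw (the advisory does not name the affected field): it walks the File Meta group of a DICOM Part 10 file and rejects any element whose declared length overruns the file. The names `check_file_meta`, `DicomRejected`, `build_sample` and the `MAX_UPLOAD` cap are assumptions made for illustration.

```python
import struct

MAX_UPLOAD = 512 * 1024 * 1024  # assumed site policy, not a product setting
LONG_VRS = {b"OB", b"OD", b"OF", b"OL", b"OV", b"OW", b"SQ",
            b"SV", b"UC", b"UN", b"UR", b"UT", b"UV"}  # VRs with a 4-byte length

class DicomRejected(ValueError):
    """Raised when the upload fails a structural check."""

def check_file_meta(data: bytes) -> dict:
    """Walk group (0002,xxxx), Explicit VR Little Endian, bounds-checking lengths."""
    if len(data) > MAX_UPLOAD:
        raise DicomRejected("file exceeds upload cap")
    if len(data) < 132 or data[128:132] != b"DICM":
        raise DicomRejected("missing 128-byte preamble or DICM magic")
    pos, elements, declared_end = 132, {}, None
    while pos + 8 <= len(data):
        group, elem = struct.unpack_from("<HH", data, pos)
        if group != 0x0002:
            break  # File Meta ends here; the data set follows
        vr = data[pos + 4:pos + 6]
        if not (vr.isalpha() and vr.isupper()):
            raise DicomRejected(f"bad VR at offset {pos}")
        if vr in LONG_VRS:  # 2 reserved bytes, then a 32-bit length
            if pos + 12 > len(data):
                raise DicomRejected("truncated element header")
            (length,) = struct.unpack_from("<I", data, pos + 8)
            value_at = pos + 12
        else:               # 16-bit length directly after the VR
            (length,) = struct.unpack_from("<H", data, pos + 6)
            value_at = pos + 8
        if length == 0xFFFFFFFF or value_at + length > len(data):
            raise DicomRejected(f"({group:04x},{elem:04x}) length overruns file")
        elements[(group, elem)] = data[value_at:value_at + length]
        if (group, elem) == (0x0002, 0x0000):
            if length != 4:
                raise DicomRejected("group length element must be 4 bytes")
            declared_end = value_at + 4 + struct.unpack_from("<I", data, value_at)[0]
        pos = value_at + length
    if declared_end is None or declared_end != pos:
        raise DicomRejected("File Meta group length does not match parsed elements")
    return elements

def build_sample(ts_uid=b"1.2.840.10008.1.2.1\x00", lie=0) -> bytes:
    """Constructed sample file; `lie` inflates the declared Transfer Syntax length."""
    ts = struct.pack("<HH2sH", 0x0002, 0x0010, b"UI", len(ts_uid) + lie) + ts_uid
    gl = struct.pack("<HH2sHI", 0x0002, 0x0000, b"UL", 4, len(ts))
    return b"\x00" * 128 + b"DICM" + gl + ts
```

This gate covers only the File Meta group; elements of the data set that follows depend on the negotiated transfer syntax and would need the same length-versus-remaining-bytes check in a full validator.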

Reservation

01/19/2025

Disclosure

01/30/2025

Moderation

accepted

CPE

ready

EPSS

0.00878

KEV

no

Activities

very low
