CVE-2025-53948
BaseFortify
Publication date: 2025-08-18
Last updated on: 2025-10-17
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| santesoft | sante_pacs_server | to 4.2.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-415 | The product calls free() twice on the same memory address. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Sante PACS Server allows a remote attacker to crash the main thread by sending a specially crafted HL7 message. This causes a denial-of-service condition where the application stops functioning and requires a manual restart. No authentication is needed to exploit this vulnerability.
How can this vulnerability impact me? :
The impact of this vulnerability is a denial-of-service condition on the Sante PACS Server. An attacker can remotely crash the server's main thread, causing the application to stop working until it is manually restarted. This can disrupt services relying on the server and potentially affect availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately monitor and restrict incoming HL7 messages from untrusted sources to prevent crafted messages from reaching the Sante PACS Server. Since the vulnerability allows remote attackers to crash the main thread without authentication, consider implementing network-level filtering or firewall rules to block suspicious HL7 traffic. Additionally, prepare to manually restart the application if a denial-of-service condition occurs. Applying any available patches or updates from the vendor once released is also recommended.