CVE-2025-14501
Unknown Unknown - Not Provided
NULL Pointer Dereference DoS in Sante PACS Server HTTP Handling

Publication date: 2025-12-23

Last updated on: 2025-12-23

Assigner: Zero Day Initiative

Description
Sante PACS Server HTTP Content-Length Header Handling NULL Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP Content-Length header. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-26770.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-23
Last Modified
2025-12-23
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14501
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sante sante_pacs_server 3.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a denial-of-service issue in the Sante PACS Server caused by improper handling of the HTTP Content-Length header. Specifically, the server does not properly validate a pointer before accessing it, which can lead to a NULL pointer dereference. This flaw allows remote attackers to crash the server without needing to authenticate.

Impact Analysis

An attacker can exploit this vulnerability to cause a denial-of-service condition on the affected Sante PACS Server, making the service unavailable. This can disrupt operations relying on the server, potentially causing downtime and impacting availability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14501. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart