CVE-2025-2264 PoC — Santesoft Sante PACS Server 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-2264.yaml

Associated Vulnerability

Title:Santesoft Sante PACS Server 安全漏洞 (CVE-2025-2264)
Description:Santesoft Sante PACS Server是塞浦路斯Santesoft公司的一个符合 DICOM 3.0 的PACS 服务器、Modality Worklist 服务器、用于 DICOM 文件的 HTTP（Web）服务器以及 CD/DVD 刻录和打印服务器。用于存储、存档、管理、查看和刻录医学图像。 Santesoft Sante PACS Server 4.1.0版本存在安全漏洞，该漏洞源于路径遍历信息泄露，可能导致未认证远程攻击者下载任意文件。

Description

A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed.

File Snapshot


 id: CVE-2025-2264

info:
  name: Sante PACS Server.exe - Path Traversal Information Disclosure
  aut

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!