PT-2025-11206 · Openssl+1 · Openssl+1

Published: 2025-03-13 · Updated: 2025-04-03 · CVE-2025-2263

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Sante PACS Server (affected versions not specified)

Description: The issue is a stack-based buffer overflow involving the OpenSSL function EVP_DecryptUpdate, which Sante PACS Server.exe calls during login to the web server to decrypt the username and password. A fixed 0x80-byte stack buffer is passed to the function as the output buffer. If an unauthenticated remote attacker supplies a long encrypted username or password, the decrypted output overflows that buffer. This can allow a remote attacker to execute arbitrary code.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
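
The sizing rule behind the overflow in the description, as an added example (not code from Sante PACS Server or from this advisory): OpenSSL documents that the output buffer of EVP_DecryptUpdate needs room for inl + cipher_block_size bytes (inl when the block size is 1), so a caller with a fixed 0x80-byte buffer has to reject longer input before decrypting. The helper names and the 16-byte block size are assumptions; the page does not name the cipher.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LOGIN_FIELD_BUF 0x80 /* fixed output buffer size from the description */

/* Worst-case bytes one EVP_DecryptUpdate() call can write for in_len bytes of
 * input: in_len + block_size, or in_len for block size 1 (OpenSSL docs).
 * Returns 0 and sets *max_out, or -1 if in_len does not fit the API's int
 * length parameter or the sum would wrap. Hypothetical helper. */
int decrypt_update_max_out(size_t in_len, size_t block_size, size_t *max_out)
{
    size_t slack = (block_size == 1) ? 0 : block_size;
    if (block_size == 0 || in_len > (size_t)INT_MAX || in_len > SIZE_MAX - slack)
        return -1;
    *max_out = in_len + slack;
    return 0;
}

/* Gate to run on each encrypted login field BEFORE decrypting into a buffer
 * of out_cap bytes. Returns 1 when the call cannot overrun it, else 0. */
int login_field_fits(size_t in_len, size_t block_size, size_t out_cap)
{
    size_t need;
    if (decrypt_update_max_out(in_len, block_size, &need) != 0)
        return 0;
    return need <= out_cap;
}

int main(void)
{
    /* Constructed ciphertext lengths; 16-byte block size is an assumption. */
    const size_t lens[] = { 32, 112, 113, 128, 4096 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("ciphertext %4zu bytes -> %s\n", lens[i],
               login_field_fits(lens[i], 16, LOGIN_FIELD_BUF)
                   ? "decrypt" : "reject login request");
    return 0;
}
```

Under the 16-byte block assumption, a 128-byte ciphertext is rejected even though it equals the buffer size, because the documented worst case includes one extra block.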

Exploit

Out of bounds Read

Memory Corruption

Stack Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-03001
CVE-2025-2263

Affected Products

Openssl
Sante Pacs Server.Exe