PatchSiren

CVE-2025-0572 Santesoft CVE debrief

CVE-2025-0572 is a network-reachable integrity issue in Santesoft Sante PACS Server's web portal. CISA's advisory says remote attackers can use DCM files to create arbitrary files on affected installations. The supplied CVSS v3.1 vector indicates low complexity, no user interaction, and low privileges, with integrity impact only. Santesoft's remediation is to update to Sante PACS Server 4.2.3 or later.

Vendor: Santesoft
Product: Sante PACS Server
CVSS: MEDIUM 4.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2025-08-12
Advisory published: 2025-08-12
Advisory updated: 2025-08-12

Who should care

Healthcare IT and security teams, PACS administrators, and incident responders responsible for Santesoft Sante PACS Server deployments, especially systems that are reachable from broader internal or external networks.

Technical summary

The CISA CSAF advisory describes a flaw in the Sante PACS Server Web Portal where DCM files can be used to create arbitrary files on the server. The supplied CVSS v3.1 vector is AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, which points to a remotely reachable issue that requires low privileges and no user interaction, with integrity impact but no confidentiality or availability impact in the provided assessment.

Defensive priority

Patch promptly, prioritizing exposed or clinically critical PACS deployments.

Recommended defensive actions

  • Update Sante PACS Server to version 4.2.3 or later using the vendor remediation guidance.
  • Restrict access to the PACS web portal to trusted networks and authenticated administrative users.
  • Monitor for unexpected file creation or modification in application and server directories.
  • Review file-system permissions and reduce write access for the application service account where operationally feasible.
  • Apply CISA ICS defense-in-depth and recommended practices for segmentation, access control, and recovery planning.

Evidence notes

This debrief is based only on the supplied CISA CSAF advisory ICSMA-25-224-01, which was published and modified on 2025-08-12, plus the official CVE and vendor remediation references included in the corpus. The corpus states that Sante PACS Server Web Portal allows remote attackers to use DCM files to create arbitrary files, and that Santesoft recommends updating to version 4.2.3 or later. No KEV entry, ransomware association, or exploit details are present in the supplied source set.

Official resources

CISA published ICSMA-25-224-01 and the corresponding CSAF source record on 2025-08-12. The supplied corpus does not list a Known Exploited Vulnerabilities entry or a ransomware-campaign association at that time.