PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-5307 Santesoft CVE debrief

CVE-2025-5307 affects Santesoft Sante DICOM Viewer Pro and is described by CISA as a memory corruption vulnerability. The supplied advisory says a local attacker could potentially disclose information and execute arbitrary code on affected installations, and Santesoft recommends upgrading to version v14.2.2.

Vendor: Santesoft
Product: Sante DICOM Viewer Pro
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-05-29
Original CVE updated: 2025-05-29
Advisory published: 2025-05-29
Advisory updated: 2025-05-29

Who should care

IT and security teams responsible for Santesoft Sante DICOM Viewer Pro, especially in healthcare or medical imaging environments; endpoint administrators; and users or support teams who allow local interactive access on systems running the viewer.

Technical summary

The advisory describes a memory corruption issue in Sante DICOM Viewer Pro with local attack prerequisites. The supplied CVSS 3.1 vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating that successful exploitation could affect confidentiality, integrity, and availability if a user interacts with the malicious content or workflow. The remediation provided in the source corpus is to upgrade to Sante DICOM Viewer Pro v14.2.2.

Defensive priority

High. The issue is locally exploitable but has severe impact potential, including arbitrary code execution, so systems running the affected viewer should be prioritized for patching.

Recommended defensive actions

  • Upgrade Sante DICOM Viewer Pro to version v14.2.2 or later using the vendor-provided download path.
  • Identify all installations of Sante DICOM Viewer Pro across endpoints and shared workstations, then prioritize remediation on systems used to open untrusted DICOM content.
  • Restrict local access on affected systems where practical and apply least-privilege controls for users who do not need administrative rights.
  • Monitor for abnormal crashes or memory-corruption symptoms in the viewer until patching is complete.
  • Use standard endpoint and application hardening controls to reduce the impact of locally exploitable desktop vulnerabilities.

Evidence notes

All substantive claims in this debrief come from the supplied CISA CSAF advisory for ICSMA-25-148-01 / CVE-2025-5307 and the vendor remediation note pointing to v14.2.2. The supplied metadata also includes the CVSS 3.1 vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H and a same-day initial publication history dated 2025-05-29.

Official resources

CVE-2025-5307 was initially published on 2025-05-29 in CISA advisory ICSMA-25-148-01; the supplied revision history shows Initial Publication on the same date.