PatchSiren cyber security CVE debrief
CVE-2025-54862 Santesoft CVE debrief
CVE-2025-54862 affects Santesoft Sante PACS Server’s web portal and is described by CISA as a stored cross-site scripting issue. The advisory says an attacker could inject malicious HTML that redirects a user to a malicious webpage and steals the user’s cookie. CISA published the advisory on 2025-08-12 and the vendor remediation is to update to Sante PACS Server version 4.2.3 or later.
- Vendor: Santesoft
- Product: Sante PACS Server
- CVSS: MEDIUM 5.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2025-08-12
- Advisory published: 2025-08-12
- Advisory updated: 2025-08-12
Who should care
Organizations running Santesoft Sante PACS Server, especially administrators of medical imaging environments, web application owners, and security teams responsible for PACS web portals and user sessions.
Technical summary
The source advisory identifies a stored XSS condition in the Sante PACS Server web portal. The supplied CVSS v3.1 vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, which describes a network-reachable issue that requires low privileges and user interaction, with a scope change and low confidentiality and integrity impact. Because the payload is stored and later rendered to other users, the main risk is session compromise, unauthorized redirection, and limited integrity/confidentiality impact.
Defensive priority
Medium priority. The vulnerability is publicly disclosed and has a vendor fix path, but the supplied severity and vector indicate limited impact relative to critical issues. Patch planning should still be prompt for any internet-facing or broadly used PACS portal.
Recommended defensive actions
- Upgrade Sante PACS Server to version 4.2.3 or later, per vendor guidance.
- Review web portal inputs and outputs for stored XSS exposure, especially fields that render HTML.
- Harden session handling to reduce cookie theft risk, including secure session flags and short-lived sessions where appropriate.
- Restrict access to the PACS web portal to trusted users and networks where feasible.
- Validate that security controls such as content filtering and output encoding are in place for user-supplied content.
- Monitor for unusual redirects, script injection indicators, and suspicious session activity in the portal.
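The two controls above that a portal owner can verify directly are output encoding of stored fields and session-cookie hardening. The following is an added example written for this debrief, not Santesoft code: it contrasts unencoded and encoded rendering of a stored free-text field and audits a Set-Cookie header for the flags that limit cookie theft. The field name, cookie name and session lifetime are assumptions.

```javascript
// Added example (not Santesoft code): output encoding and session-cookie
// hardening for a PACS-style web portal. Names below are hypothetical.

// Encode the five characters that let stored text break out of HTML text
// or attribute context. Apply at render time, never only at storage time.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[ch]);
}

// Render a stored free-text field (e.g. a study description) into a table
// cell. `vulnerable: true` mirrors the advisory's failure mode: stored
// markup is emitted as-is and is interpreted by the viewer's browser.
function renderDescription(stored, { vulnerable = false } = {}) {
  const body = vulnerable ? stored : escapeHtml(stored);
  return `<td class="description">${body}</td>`;
}

// Session cookie attributes that blunt the cookie-theft impact described
// in the advisory: HttpOnly keeps the value out of script, Secure keeps it
// off plaintext HTTP, SameSite=Strict stops cross-site sending, Max-Age
// bounds the session lifetime (15 minutes here is an assumed value).
function sessionCookieHeader(name, token, maxAgeSeconds = 900) {
  return `${name}=${token}; Path=/; HttpOnly; Secure; SameSite=Strict; Max-Age=${maxAgeSeconds}`;
}

// Audit a Set-Cookie header (e.g. captured from the portal's login
// response) and return the hardening attributes it is missing.
function missingCookieFlags(setCookieHeader) {
  const attrs = setCookieHeader.split(';').slice(1)
    .map((a) => a.trim().toLowerCase());
  const missing = [];
  if (!attrs.includes('httponly')) missing.push('HttpOnly');
  if (!attrs.includes('secure')) missing.push('Secure');
  if (!attrs.some((a) => a.startsWith('samesite='))) missing.push('SameSite');
  if (!attrs.some((a) => a.startsWith('max-age=') || a.startsWith('expires=')))
    missing.push('Max-Age/Expires');
  return missing;
}

// Constructed sample: a stored field that happens to contain markup.
const STORED_DESCRIPTION = 'Chest CT <b>urgent</b>';
// Constructed sample: a login response cookie with no hardening flags.
const WEAK_COOKIE = 'PACSSESSID=abc123; Path=/';

console.log(renderDescription(STORED_DESCRIPTION, { vulnerable: true }));
console.log(renderDescription(STORED_DESCRIPTION));
console.log(missingCookieFlags(WEAK_COOKIE));
console.log(missingCookieFlags(sessionCookieHeader('PACSSESSID', 'abc123')));
```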
Evidence notes
All substantive claims are drawn from the supplied CISA CSAF advisory corpus and the embedded vendor remediation note. The source text states the portal is vulnerable to stored cross-site scripting and that an attacker could inject malicious HTML to redirect users and steal cookies. The advisory metadata also supplies the CVSS v3.1 vector and the remediation recommendation to update to version 4.2.3 or later. No exploit details or unsupported impact claims are included.
Official resources
- CVE-2025-54862 CVE record (CVE.org)
- CVE-2025-54862 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed in CISA advisory ICSMA-25-224-01 on 2025-08-12, which is also the CVE published date supplied in the corpus.