CVE-2025-54156

Published: Aug 18, 2025Modified: Oct 17, 2025

9.1

Vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: ics-cert@hq.dhs.gov (Secondary)

Description

The Sante PACS Server Web Portal sends credential information without encryption.

Affected (1)

Products: Santesoft: Sante Pacs Server

1 product

Sante Pacs Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Santesoft Sante Pacs Server	Before 4.2.3

Related CWEs

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (1)

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-224-01

Source: ics-cert@hq.dhs.gov

MitigationThird Party AdvisoryUS Government Resource

Timeline

No history available yet.