Initiatives pour
En tant qu'autorité nationale en matière de cybersécurité, le CCB a développé plusieurs initiatives destinées à des publics spécifiques, qui sont présentées ici.
Warning: Remotely Exploitable Vulnerabilities Identified in Santesoft Sante PACS Server, Patch Immediately!
Image
Publié : 19/08/2025
* Last update: 19/08/2025
* Affected software:: Sante PACS Server prior to 4.2.3
* Type: Denial of Service (DoS) & Cleartext Transmission of Sensitive Data
* CVE/CVSS
→ CVE-2025-54156: CVSS 9.1 (CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N)
→ CVE-2025-53948: CVSS 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)
Sources
Vendor https://www.santesoft.com/win/sante-pacs-server/whats_new.html
Vendor https://santesoft.com/win/sante-pacs-server/download.html
Risks
CVE-2025-54156 and CVE-2025-53948 can be exploited remotely by an attacker in a low complexity attack. If these vulnerabilities are successfully exploited, an attacker could cause denial of service, steal credentials and sensitive data.
An attacker exploiting these vulnerabilities could severely impact the confidentiality, availability and integrity of affected systems.
Description
CVE-2025-54156 is a critical vulnerability that can be leveraged by a remote attacker in order to steal credentials. This vulnerability results from the fact that the Sante PACS server Web Portal sends credential information in cleartext.
CVE 2025 53948 is a high severity vulnerability all versions of Sante PACS server. Successful exploitation this vulnerability could allow a remote attacker to crash the main thread by sending a crafted HL7 message, triggering a denial-of-service condition.
These vulnerabilities affect all versions of Sante PACS Server prior to 4.2.3 and have been patched in version 4.2.3 and later versions.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
CISA https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-224-01