Sante PACS Server Denial-of-Service Vulnerability via Crafted HL7 Messages

Vulnerability

A denial-of-service vulnerability has been identified in Sante PACS Server. The issue allows remote attackers to crash the main thread of the application by sending specially crafted HL7 messages. This disruption causes the application to enter a denial-of-service state, requiring a manual restart to restore functionality. Notably, no authentication is required to exploit this vulnerability.

Impact

Exploitation of this vulnerability leads to a crash of the main application thread, causing a denial-of-service condition that requires a manual restart of the application.

Added: Aug 18, 2025, 10:19 PM
Updated: Aug 18, 2025, 10:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.8
impact: 2.5
exploitability: 7.0
remediation: 0.0
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.