CVE-2025-2480

Santesoft Sante DICOM Viewer Pro is vulnerable to an out-of-bounds write, which requires a user to open a malicious DCM file, resulting in execution of arbitrary code by a local attacker.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://santesoft.com/win/sante-dicom-viewer-pro/download.html	Product
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-079-01	Mitigation Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:santesoft:dicom_viewer_pro:*:*:*:*:*:*:*:*

History

16 Oct 2025, 20:08

Type	Values Removed	Values Added
CPE		cpe:2.3:a:santesoft:dicom_viewer_pro::::::::
First Time		Santesoft dicom Viewer Pro Santesoft
References	~~() https://santesoft.com/win/sante-dicom-viewer-pro/download.html -~~	() https://santesoft.com/win/sante-dicom-viewer-pro/download.html - Product
References	~~() https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-079-01 -~~	() https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-079-01 - Mitigation, Third Party Advisory, US Government Resource
Summary		(es) Santesoft Sante DICOM Viewer Pro es vulnerable a una escritura fuera de los límites, lo que requiere que un usuario abra un archivo DCM malicioso, lo que resulta en la ejecución de código arbitrario por parte de un atacante local.

20 Mar 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-20 17:15

Updated : 2025-10-16 20:08

NVD link : CVE-2025-2480

Mitre link : CVE-2025-2480

CVE.ORG link : CVE-2025-2480

JSON object : View

Products Affected

santesoft

dicom_viewer_pro

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2025-2480", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-03-20T17:15:38.523", "references": [{"url": "https://santesoft.com/win/sante-dicom-viewer-pro/download.html", "tags": ["Product"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-079-01", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Santesoft Sante DICOM Viewer Pro is vulnerable to an out-of-bounds write, which requires a user to open a malicious DCM file, resulting in execution of arbitrary code by a local attacker."}, {"lang": "es", "value": "Santesoft Sante DICOM Viewer Pro es vulnerable a una escritura fuera de los l\u00edmites, lo que requiere que un usuario abra un archivo DCM malicioso, lo que resulta en la ejecuci\u00f3n de c\u00f3digo arbitrario por parte de un atacante local."}], "lastModified": "2025-10-16T20:08:41.163", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:santesoft:dicom_viewer_pro:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1AC10EA-0838-4487-A378-C576D5C17C6C", "versionEndExcluding": "14.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}