{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T11:33:06.473","vulnerabilities":[{"cve":{"id":"CVE-2025-2263","sourceIdentifier":"vulnreport@tenable.com","published":"2025-03-13T17:15:38.617","lastModified":"2025-04-03T18:20:38.627","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"During login to the web server in \"Sante PACS Server.exe\", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or password is supplied by an unauthenticated remote attacker."},{"lang":"es","value":"Al iniciar sesión en el servidor web en \"Sante PACS Server.exe\", se llama a la función OpenSSL EVP_DecryptUpdate para descifrar el nombre de usuario y la contraseña. Se pasa a la función un búfer fijo de pila de 0x80 bytes como búfer de salida. Se produce un desbordamiento de búfer de pila si un atacante remoto no autenticado proporciona un nombre de usuario o una contraseña cifrados largos."}],"metrics":{"cvssMetricV31":[{"source":"vulnreport@tenable.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"vulnreport@tenable.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:santesoft:sante_pacs_server:4.1.0:*:*:*:*:*:*:*","matchCriteriaId":"94D12F49-C02A-4B31-B215-387260205DB3"}]}]}],"references":[{"url":"https://www.tenable.com/security/research/tra-2025-08","source":"vulnreport@tenable.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.tenable.com/security/research/tra-2025-08","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}}]}