Santesoft Releases Security Update for Sante DICOM Viewer Pro

CVE-2025-5307 could allow a local attacker to disclose sensitive information or execute arbitrary code


Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

The US Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) Medical Advisory for a vulnerability in Santesoft Sante DICOM Viewer Pro. Sante DICOM Viewer Pro is an application for viewing, processing, and editing DICOM-format medical images.

CVE-2025-5307 has a CVSSv4 score of 8.4 and is an 'out-of-bounds read' vulnerability, which means that the product reads data past the end, or before the beginning, of the intended memory buffer. A local attacker could exploit this vulnerability to disclose sensitive information or execute arbitrary code. Active user interaction is required for successful exploitation.
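The out-of-bounds read class described above, illustrated on the DICOM wire format. This is an added example written for this page, not Santesoft code and not the specific flaw behind CVE-2025-5307, whose internals the advisory does not give. It parses one explicit-VR little-endian data element and rejects any element whose declared value length exceeds the bytes remaining in the buffer; the byte strings SAMPLE_OK and SAMPLE_BAD are constructed.

```c
#include <stdint.h>
#include <string.h>

/* One parsed DICOM data element (explicit VR little endian). */
typedef struct {
    uint16_t group, element;
    char vr[3];
    uint32_t length;
    const uint8_t *value;   /* points into the caller's buffer */
} dicom_element;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
/* VRs whose header is 2 reserved bytes plus a 4-byte length. */
static int long_vr(const char *vr) {
    static const char *const longs[] = { "OB", "OW", "OF", "SQ", "UT", "UN" };
    for (size_t i = 0; i < sizeof longs / sizeof *longs; i++)
        if (memcmp(vr, longs[i], 2) == 0) return 1;
    return 0;
}

/* Parse the element at buf+off. Returns bytes consumed, or 0 if the header is truncated
 * or the declared value length runs past the buffer (the guard whose absence is CWE-125). */
size_t read_element(const uint8_t *buf, size_t len, size_t off, dicom_element *out) {
    if (off > len || len - off < 8) return 0;          /* need tag + VR + short length */
    const uint8_t *p = buf + off;
    out->group = rd16(p); out->element = rd16(p + 2);
    memcpy(out->vr, p + 4, 2); out->vr[2] = '\0';
    size_t hdr = 8;
    if (long_vr(out->vr)) {
        if (len - off < 12) return 0;
        out->length = rd32(p + 8);
        hdr = 12;
    } else {
        out->length = rd16(p + 6);
    }
    if (out->length > len - off - hdr) return 0;       /* the out-of-bounds read guard */
    out->value = p + hdr;
    return hdr + out->length;
}

/* Constructed samples (not from the advisory): a valid PatientName element, and one
 * whose length field (0xFFFF) claims far more data than the 2 bytes that follow it. */
const uint8_t SAMPLE_OK[]  = { 0x10,0x00,0x10,0x00,'P','N',0x06,0x00,'D','O','E','^','J','O' };
const uint8_t SAMPLE_BAD[] = { 0x10,0x00,0x20,0x00,'L','O',0xFF,0xFF,'A','B' };

/* Bytes consumed by the first element in buf, or 0 if it was rejected. */
size_t check_element(const uint8_t *buf, size_t len) {
    dicom_element e;
    return read_element(buf, len, 0, &e);
}
```

Without the length comparison, a viewer that trusts the length field would copy or display memory beyond the file buffer, which is the information-disclosure outcome the advisory describes.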


Remediation advice

Affected organisations are encouraged to review CISA advisory ICSMA-25-148-01 and update Sante DICOM Viewer Pro to version 14.2.2 or higher.



Last edited: 30 May 2025 11:00 am