CVE-2025-2263 Information

Description

During login to the web server in \Sante PACS Server.exe\ OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or password is supplied by an unauthenticated remote attacker.

Reference

https://www.tenable.com/security/research/tra-2025-08 https://www.tenable.com/security/research/tra-2025-08