admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2025/CVE-2025-05xx/CVE-2025-0573.json
cad-safe-bot beaccf737b Auto-Update: 2025-02-19T21:00:27.184101+00:00
2025-02-19 21:03:55 +00:00

103 lines
3.7 KiB
JSON
Raw Blame History

{
"id": "CVE-2025-0573",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2025-01-30T21:15:14.227",
"lastModified": "2025-02-19T19:26:10.080",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to write files in the context of the current user. Was ZDI-CAN-25309."
},
{
"lang": "es",
"value": "Vulnerabilidad de escritura arbitraria de archivos mediante an\u00e1lisis de archivos y Directory Traversal en Sante PACS Server DCM. Esta vulnerabilidad permite a atacantes remotos crear archivos arbitrarios en las instalaciones afectadas del servidor Sante PACS. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DCM. El problema es el resultado de la falta de validaci\u00f3n adecuada de una ruta proporcionada por el usuario antes de usarla en operaciones con archivos. Un atacante puede aprovechar esta vulnerabilidad para escribir archivos en el contexto del usuario actual. Era ZDI-CAN-25309. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:santesoft:sante_pacs_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.0.10",
"matchCriteriaId": "37DACC13-644B-4297-8E5A-6054A58CB7D3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-053/",
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink