CVE-2025-2265 - Vulnerability Details - OpenCVE

The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Santesoft	Sante Pacs Server

No data.

No data.

References

Link	Providers
https://www.tenable.com/security/research/tra-2025-08

History

Sun, 13 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00012}`	epss `{'score': 0.00016}`

Mon, 17 Mar 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 13 Mar 2025 16:45:00 +0000

Type	Values Removed	Values Added
Description		The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte
Title		Santesoft Sante PACS Server HTTP.db SHA1 Hash Truncation
Weaknesses		CWE-916
References		https://www.tenable.com/security/research/tra-2025-08
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: tenable

Published: 2025-03-13T16:33:28.145Z

Updated: 2025-03-17T13:57:50.486Z

Reserved: 2025-03-12T18:58:14.121Z

Link: CVE-2025-2265

Vulnrichment

Updated: 2025-03-17T13:57:22.858Z

NVD

Status : Received

Published: 2025-03-13T17:15:38.967

Modified: 2025-03-13T17:15:38.967

Link: CVE-2025-2265

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2265", "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "state": "PUBLISHED", "assignerShortName": "tenable", "dateReserved": "2025-03-12T18:58:14.121Z", "datePublished": "2025-03-13T16:33:28.145Z", "dateUpdated": "2025-03-17T13:57:50.486Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Sante PACS Server", "vendor": "Santesoft", "versions": [{"status": "affected", "version": "4.1.0"}, {"status": "unaffected", "version": "4.2.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The password of a web user in \"Sante PACS Server.exe\" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte"}], "value": "The password of a web user in \"Sante PACS Server.exe\" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-916", "description": "CWE-916 Use of Password Hash With Insufficient Computational Effort", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable", "dateUpdated": "2025-03-13T16:33:28.145Z"}, "references": [{"url": "https://www.tenable.com/security/research/tra-2025-08"}], "source": {"discovery": "UNKNOWN"}, "title": "Santesoft Sante PACS Server HTTP.db SHA1 Hash Truncation", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-17T13:56:56.745964Z", "id": "CVE-2025-2265", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-17T13:57:50.486Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2265", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-17T13:56:56.745964Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-17T13:57:22.858Z"}}], "cna": {"title": "Santesoft Sante PACS Server HTTP.db SHA1 Hash Truncation", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Santesoft", "product": "Sante PACS Server", "versions": [{"status": "affected", "version": "4.1.0"}, {"status": "unaffected", "version": "4.2.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.tenable.com/security/research/tra-2025-08"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The password of a web user in \"Sante PACS Server.exe\" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte", "supportingMedia": [{"type": "text/html", "value": "The password of a web user in \"Sante PACS Server.exe\" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-916", "description": "CWE-916 Use of Password Hash With Insufficient Computational Effort"}]}], "providerMetadata": {"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable", "dateUpdated": "2025-03-13T16:33:28.145Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2265", "state": "PUBLISHED", "dateUpdated": "2025-03-17T13:57:50.486Z", "dateReserved": "2025-03-12T18:58:14.121Z", "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "datePublished": "2025-03-13T16:33:28.145Z", "assignerShortName": "tenable"}, "dataVersion": "5.1"}