A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed.
CVE ID: CVE-2025-2264
CVSS Base Severity: HIGH
CVSS Base Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vendor: Santesoft
Product: Sante PACS Server
http/cves/2025/CVE-2025-2264.yaml
EPSS Score: 56.51% (probability of being exploited)
EPSS Percentile: 97.93% (scored less or equal to compared to others)
EPSS Date: 2025-04-11 (when was this score calculated)