MicroDicom DICOM Viewer

Priority: Plan Patch
CVSS: 8.8
ICS-CERT advisory: ICSMA-25-121-01
Published: May 1, 2025
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

MicroDicom DICOM Viewer versions 2025.1 Build 3321 and earlier contain out-of-bounds write (CWE-787) and out-of-bounds read (CWE-125) vulnerabilities. Successful exploitation could allow an attacker to disclose information, cause memory corruption, and execute arbitrary code.

What this means
What could happen
An attacker could execute arbitrary code on a workstation running DICOM Viewer, potentially gaining control of the medical imaging system and compromising patient data confidentiality and integrity. Memory corruption could also cause the application to crash, disrupting diagnostic operations.
Who's at risk
Medical imaging specialists and clinical IT staff who manage DICOM Viewer at hospitals, diagnostic centers, and radiology departments should prioritize this update. Any organization using MicroDicom DICOM Viewer for patient imaging workstations is affected.
How it could be exploited
An attacker delivers a malicious DICOM file to a user. When the user opens the file in DICOM Viewer, the parser performs the out-of-bounds read and write while processing attacker-controlled fields in the file. The read can leak the contents of adjacent memory (which may include patient data or system information); the write corrupts memory, which can be turned into arbitrary code execution with the privileges of the logged-in user.
Prerequisites
  • User interaction required: the victim must open a malicious DICOM file in DICOM Viewer
  • DICOM Viewer version 2025.1 Build 3321 or earlier must be installed
  • The malicious DICOM file must reach the user (e.g., via email, file share, or compromised medical imaging server)
Key points
  • Remotely exploitable via a malicious DICOM file
  • User interaction required, but opening received studies is a routine clinical workflow
  • High CVSS score (8.8)
  • Memory corruption can lead to arbitrary code execution
  • Potential to compromise patient data confidentiality and integrity
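The following is an added illustration of the two bug classes named in the advisory, CWE-125 and CWE-787, in the kind of code that reads DICOM data elements. It is not MicroDicom's code, and it does not claim to be the routine that ICSMA-25-121-01 covers: the advisory does not identify one. The reduced file layout, the MAX_VALUE destination size and the element_t structure are assumptions made for the example, and the sample file is constructed. The is_dicom_part10 check is also what a content-based attachment filter would use, since DICOM files are frequently shipped without a .dcm extension.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Reduced DICOM Part 10 layout: 128-byte preamble, 4-byte magic "DICM", then
 * Explicit VR Little Endian elements in the short form
 *   group(2) element(2) VR(2) length(2) value[length]
 * File Meta Information and the 4-byte lengths of long VRs are left out.  */
#define PREAMBLE_LEN 128
#define MAGIC "DICM"
#define MAX_VALUE 64   /* hypothetical fixed-size destination in the viewer */

typedef struct { uint16_t group, element, length; char vr[3]; char value[MAX_VALUE]; } element_t;

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Content-based check for a mail or file-share filter: match the magic, not a
 * .dcm extension, because many DICOM files are shipped without one.         */
int is_dicom_part10(const uint8_t *buf, size_t len)
{
    return len >= PREAMBLE_LEN + 4 && memcmp(buf + PREAMBLE_LEN, MAGIC, 4) == 0;
}

/* VULNERABLE pattern (CWE-125 + CWE-787): the attacker-controlled length is
 * trusted.  Larger than the remaining input: memcpy reads past the file
 * buffer.  Larger than MAX_VALUE: memcpy writes past out->value.  For
 * comparison only; never call it on untrusted data.                         */
int parse_element_unsafe(const uint8_t *p, element_t *out)
{
    out->group = le16(p);  out->element = le16(p + 2);
    memcpy(out->vr, p + 4, 2);  out->vr[2] = '\0';
    out->length = le16(p + 6);
    memcpy(out->value, p + 8, out->length);             /* no bounds check */
    return 8 + out->length;                             /* bytes consumed */
}

/* HARDENED form: header fits the input, value fits the remaining input, value
 * fits the destination.  Returns bytes consumed, or -1 to reject the file.  */
int parse_element_safe(const uint8_t *p, size_t remaining, element_t *out)
{
    if (remaining < 8) return -1;
    out->group = le16(p);  out->element = le16(p + 2);
    memcpy(out->vr, p + 4, 2);  out->vr[2] = '\0';
    out->length = le16(p + 6);
    if (out->length > remaining - 8) return -1;         /* blocks the OOB read  */
    if (out->length > MAX_VALUE) return -1;             /* blocks the OOB write */
    memcpy(out->value, p + 8, out->length);
    return 8 + out->length;
}

/* Parse all elements after the magic: element count, or -1 on bad input. */
int parse_dicom_safe(const uint8_t *buf, size_t len, element_t *out, int max_out)
{
    if (!is_dicom_part10(buf, len)) return -1;
    size_t pos = PREAMBLE_LEN + 4;
    int n = 0;
    for (; pos < len; n++) {
        if (n == max_out) return -1;
        int used = parse_element_safe(buf + pos, len - pos, &out[n]);
        if (used < 0) return -1;
        pos += (size_t)used;
    }
    return n;
}

/* Constructed sample (no real patient data): preamble, magic, and one
 * (0010,0010) PatientName element whose declared length the caller picks, so
 * it can lie about how many value bytes actually follow.                    */
size_t build_sample(uint8_t *buf, uint16_t declared_len, const char *value)
{
    static const uint8_t hdr[6] = { 0x10, 0x00, 0x10, 0x00, 'P', 'N' };
    memset(buf, 0, PREAMBLE_LEN);
    memcpy(buf + PREAMBLE_LEN, MAGIC, 4);
    memcpy(buf + PREAMBLE_LEN + 4, hdr, 6);
    buf[PREAMBLE_LEN + 10] = (uint8_t)(declared_len & 0xff);
    buf[PREAMBLE_LEN + 11] = (uint8_t)(declared_len >> 8);
    memcpy(buf + PREAMBLE_LEN + 12, value, strlen(value));
    return PREAMBLE_LEN + 12 + strlen(value);
}

int demo_benign(void) {           /* honest length 8: one element parsed */
    uint8_t f[256]; element_t e[4];
    return parse_dicom_safe(f, build_sample(f, 8, "DOE^JANE"), e, 4);
}
int demo_malicious(void) {        /* claims 65535 bytes, 8 present: rejected */
    uint8_t f[256]; element_t e[4];
    return parse_dicom_safe(f, build_sample(f, 0xFFFF, "DOE^JANE"), e, 4);
}
int demo_unsafe_on_benign(void) { /* both parsers agree on valid input: 16 */
    uint8_t f[256]; element_t e;
    build_sample(f, 8, "DOE^JANE");
    return parse_element_unsafe(f + PREAMBLE_LEN + 4, &e);
}
int demo_not_dicom(void) {        /* a text attachment is not flagged: 0 */
    static const uint8_t txt[] = "just text";
    return is_dicom_part10(txt, sizeof txt);
}

int main(void) { printf("%d %d %d %d\n", demo_benign(), demo_malicious(),
                        demo_unsafe_on_benign(), demo_not_dicom()); return 0; }
```

Build with `cc -Wall -o dicom_demo dicom_demo.c` and run it; the expected output is `1 -1 16 0`. The point to carry over to a real parser is that the same three checks (header fits, value fits the input, value fits the destination) must guard every length field, including the 4-byte lengths of long VRs and the nested lengths of sequence items, since a single unchecked one is enough for the file-based attack the advisory describes.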
Exploitability
Unlikely to be exploited — EPSS score 0.4% (the estimated probability of exploitation in the wild within the next 30 days)
Affected products (1)
Product: DICOM Viewer
Affected versions: 2025.1 Build 3321 and earlier
Fix status: fixed in 2025.2 and later
Remediation & Mitigation
Do now
Workaround: Implement email filtering to block unsolicited messages and attachments containing DICOM files from external senders. Filter on content rather than file extension: a DICOM Part 10 file carries the ASCII magic "DICM" at byte offset 128, after a 128-byte preamble, and is often distributed with no .dcm extension at all.
Workaround: Train users not to open DICOM files from untrusted or unexpected sources.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Hotfix: Update DICOM Viewer to version 2025.2 or later.
Long-term hardening
Hardening: Restrict network access to DICOM Viewer systems; ensure medical imaging workstations are not directly accessible from the internet or untrusted networks.
Hardening: Isolate medical imaging networks from business networks using firewalls and network segmentation.

MicroDicom DICOM Viewer | CVSS 8.8 - OTPulse