OTPulse
FeedAboutContact

MicroDicom DICOM Viewer

Plan Patch8.8ICS-CERT ICSMA-25-160-01Jun 10, 2025
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

A buffer overflow vulnerability in MicroDicom DICOM Viewer versions 2025.2_Build_8154 and earlier allows an attacker to execute arbitrary code through a specially crafted DICOM file. The vulnerability requires user interaction to open a malicious file.

What this means
What could happen
An attacker could execute arbitrary code on a workstation running DICOM Viewer, potentially compromising medical imaging systems, stealing patient data, or disrupting diagnostic workflows in healthcare facilities.
Who's at risk
Healthcare organizations and medical imaging centers using MicroDicom DICOM Viewer for viewing and managing medical diagnostic images. This affects imaging workstations in radiology departments, hospitals, clinics, and any facility processing DICOM files for patient diagnosis or archival.
How it could be exploited
An attacker crafts a malicious DICOM file and tricks a user into opening it in DICOM Viewer (via email, file share, or web link). The buffer overflow is triggered when the application parses the file, allowing the attacker to run arbitrary commands on the workstation with the user's privileges.
Prerequisites
  • User interaction required—the victim must open a malicious DICOM file in DICOM Viewer
  • DICOM Viewer version 2025.2_Build_8154 or earlier must be installed
remotely exploitable via malicious fileuser interaction required (moderate attack complexity)buffer overflow can lead to code executionaffects healthcare operations and patient data confidentiality
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
ProductAffected VersionsFix Status
DICOM Viewer: <=2025.2_Build_8154≤ 2025.2 Build 81542025.3 or later
Remediation & Mitigation
0/5
Do now
0/2
HARDENINGEducate users not to open DICOM files from untrusted sources (unsolicited email attachments, unknown file shares, suspicious links)
WORKAROUNDConfigure email filtering to block or flag suspicious DICOM file attachments
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate MicroDicom DICOM Viewer to version 2025.3 or later
HARDENINGRestrict DICOM file access using file-level permissions to prevent unauthorized distribution
Long-term hardening
0/1
HARDENINGImplement network segmentation to isolate DICOM imaging workstations from general business networks and the internet
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/905d4bae-8e9a-4cfd-ba97-bb4c21aca604
MicroDicom DICOM Viewer | CVSS 8.8 - OTPulse