MicroDicom DICOM Viewer

Plan Patch | CVSS 8.8 | ICS-CERT ICSMA-25-160-01 | Jun 10, 2025
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

MicroDicom DICOM Viewer versions 2025.2_Build_8154 and earlier contain a buffer overflow vulnerability (CWE-787) that allows arbitrary code execution when a user opens a specially crafted DICOM image file. The vulnerability has a CVSS score of 8.8 and requires only user interaction with a malicious file to trigger exploitation. MicroDicom has fixed the issue in version 2025.3 and later.

What this means
What could happen
An attacker could execute arbitrary code on systems running vulnerable versions of DICOM Viewer, potentially allowing them to modify or delete medical imaging data, disrupt diagnostic workflows, or pivot to connected healthcare IT systems.
Who's at risk
Healthcare IT staff and radiologists using MicroDicom DICOM Viewer for medical image review and diagnosis. This impacts any organization running DICOM Viewer versions 2025.2_Build_8154 or earlier, particularly in hospital radiology departments, imaging centers, and remote diagnostic workflows.
How it could be exploited
An attacker would craft a malicious DICOM file and send it to a user via email or host it on a website. When the user opens the file in DICOM Viewer, the vulnerability in the image parsing code allows the attacker's payload to run with the application's privileges, executing arbitrary commands on the system.
Prerequisites
  • User must open a malicious DICOM file in DICOM Viewer
  • DICOM Viewer version 2025.2_Build_8154 or earlier must be installed
Tags: remotely exploitable, user interaction required, low complexity attack, no authentication required, high CVSS score (8.8)
Exploitability
Unlikely to be exploited — EPSS score 0.8%
Affected products (1)
Product: DICOM Viewer: <=2025.2_Build_8154
Affected Versions: ≤ 2025.2 Build 8154
Fix Status: 2025.3+
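
The affected and fixed version boundaries above, applied to an asset inventory. This is an added example, not code from the advisory or from MicroDicom. It assumes version strings in the two spellings the advisory uses; the hostnames, the sample inventory and the "verify" bucket for versions the advisory does not cover are constructed for illustration.

```python
import re

# Boundaries from the advisory: <= 2025.2 Build 8154 affected, 2025.3+ fixed.
LAST_AFFECTED = (2025, 2, 8154)
FIRST_FIXED = (2025, 3)
# Accepts "2025.2_Build_8154", "2025.2 Build 8154" and a bare "2025.3".
_VERSION_RE = re.compile(r"^\s*(\d{4})\.(\d+)(?:[ _]+build[ _]+(\d+))?\s*$", re.I)

def parse_version(text):
    """Return (year, release, build_or_None), or None if unparseable."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    year, release, build = m.groups()
    return int(year), int(release), (int(build) if build else None)

def classify(text):
    """Map a reported version string to 'affected', 'fixed' or 'verify'."""
    parsed = parse_version(text)
    if parsed is None:
        return "verify"  # unknown format: never assume it is safe
    year, release, build = parsed
    if (year, release) >= FIRST_FIXED:
        return "fixed"
    if (year, release) < LAST_AFFECTED[:2]:
        return "affected"
    # Release 2025.2: only builds up to 8154 are stated as affected; the
    # advisory is silent on later 2025.2 builds, so those need a manual check.
    if build is None or build > LAST_AFFECTED[2]:
        return "verify"
    return "affected"

def triage(inventory):
    """Group hostnames by status; inventory maps hostname -> version string."""
    result = {"affected": [], "fixed": [], "verify": []}
    for host, version in sorted(inventory.items()):
        result[classify(version)].append(host)
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "rad-ws-01": "2025.2_Build_8154", "rad-ws-02": "2025.3",
    "rad-ws-03": "2024.1 Build 7000", "rad-ws-04": "2025.2_Build_9001",
    "rad-ws-05": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```
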
Remediation & Mitigation
Do now
WORKAROUND: Do not open DICOM files from untrusted sources or unsolicited email attachments
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption

HOTFIX: Update DICOM Viewer to version 2025.3 or later
Long-term hardening
HARDENING: Isolate systems running DICOM Viewer from direct internet access and place them behind a firewall
API: /api/v1/advisories/905d4bae-8e9a-4cfd-ba97-bb4c21aca604