
CVE-2024-44825: n/a

Severity: High
Published: Wed Sep 25 2024 (09/25/2024, 00:00:00 UTC)
Source: CVE Database V5

Description

CVE-2024-44825 is a directory traversal vulnerability in InVesalius3 v3.1.99995, a medical imaging software developed by Centro de Tecnologia da Informacao Renato Archer. This flaw allows unauthenticated attackers to write arbitrary files to the system by crafting malicious .inv3 files. The vulnerability has a high severity score of 7.5 (CVSS 3.1) due to its ability to impact system integrity without requiring user interaction or privileges. Although no known exploits are currently reported in the wild, exploitation could lead to unauthorized modification of system files, potentially enabling further attacks or system compromise. European healthcare organizations using InVesalius3 are at risk, especially those in countries with significant adoption of this software.

AI-Powered Analysis

Last updated: 02/13/2026, 17:33:52 UTC

Technical Analysis

CVE-2024-44825 is a directory traversal vulnerability identified in InVesalius3 version 3.1.99995, a medical imaging software produced by the Brazilian research center Centro de Tecnologia da Informacao Renato Archer. The vulnerability arises from insufficient validation of file paths within .inv3 files, which are used by the software. An attacker can craft a malicious .inv3 file containing directory traversal sequences (e.g., ../) that bypass normal file path restrictions, allowing arbitrary file writes to locations outside the intended directories. This can lead to overwriting or creating files anywhere on the system where the software has write permissions. The vulnerability does not require any authentication or user interaction, making remote exploitation feasible if the attacker can deliver the malicious file to the target system. The CVSS 3.1 base score of 7.5 reflects the network attack vector, low attack complexity, no privileges required, and no user interaction, with a high impact on integrity but no impact on confidentiality or availability. While no public exploits are currently known, the potential for attackers to modify system files could facilitate privilege escalation, persistence, or deployment of malware. The vulnerability is classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), a common and critical security weakness. No patches or fixes have been published yet, so organizations must implement interim mitigations and monitor for suspicious activity involving .inv3 files.

Potential Impact

For European organizations, particularly those in the healthcare sector using InVesalius3 for medical imaging, this vulnerability poses a significant risk to system integrity. Successful exploitation could allow attackers to write arbitrary files, potentially leading to unauthorized code execution, system manipulation, or disruption of medical imaging workflows. This could compromise patient data integrity, disrupt clinical operations, and damage trust in healthcare IT systems. Given the critical nature of healthcare services and the sensitivity of medical data, the impact extends beyond IT to patient safety and regulatory compliance under GDPR and healthcare regulations. The lack of authentication or user interaction requirements increases the risk of remote exploitation, especially if attackers can deliver malicious .inv3 files via phishing, compromised update mechanisms, or insider threats. The absence of known exploits currently limits immediate widespread impact, but the high severity score and potential consequences necessitate urgent attention.

Mitigation Recommendations

1. Immediately restrict and monitor the ingestion of .inv3 files from untrusted or external sources to prevent delivery of crafted malicious files.
2. Implement file integrity monitoring on directories where InVesalius3 writes files to detect unauthorized changes.
3. Employ application whitelisting and least privilege principles to limit the software's write permissions to only necessary directories.
4. Use network segmentation to isolate systems running InVesalius3 from untrusted networks and limit exposure.
5. Monitor logs and alerts for unusual file write activities or errors related to .inv3 file processing.
6. Engage with the software vendor or maintainers to obtain patches or updates addressing this vulnerability as soon as they become available.
7. Educate staff on the risks of opening or importing files from unknown sources, emphasizing secure handling of medical imaging files.
8. Consider deploying endpoint detection and response (EDR) solutions to identify suspicious behaviors indicative of exploitation attempts.
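The path-containment check behind CWE-22 in the Technical Analysis, and the pre-ingestion audit suggested by mitigation step 1, as an added example that is not part of this record or of InVesalius3's own code. It assumes an .inv3 project is a tar archive (an assumption here, not stated by the page); the destination directory and the member names are constructed for the demonstration.

```python
import io
import os
import tarfile


def is_contained(dest_dir, member_name):
    """True only if dest_dir/member_name still resolves inside dest_dir.

    realpath() collapses '..' segments, so a name such as '../../x'
    ends up above dest_dir and fails the commonpath comparison.
    """
    dest = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest, member_name))
    return os.path.commonpath([dest, target]) == dest


def audit_archive(data, dest_dir="/opt/inv3_extract"):
    """Return member names that would escape dest_dir; [] means the archive is clean.

    dest_dir is a hypothetical extraction directory used only for the check.
    Absolute names, traversal names and link entries are all reported, since a
    link can point outside the directory even when its own name looks safe.
    """
    flagged = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar.getmembers():
            if os.path.isabs(member.name) or not is_contained(dest_dir, member.name):
                flagged.append(member.name)
            elif member.issym() or member.islnk():
                flagged.append(member.name)
    return flagged


def build_sample(member_names):
    """Constructed sample: an in-memory tar whose entries carry the given names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in member_names:
            payload = b"x"
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


if __name__ == "__main__":
    clean = build_sample(["project.plist", "data/volume.npy"])
    escaping = build_sample(["data/volume.npy", "../../escaped.txt"])
    print("clean archive flagged:", audit_archive(clean))
    print("escaping archive flagged:", audit_archive(escaping))
```

On Python 3.12 and later the same containment rules are available at extraction time via `tar.extractall(path, filter="data")`, which refuses entries that would land outside the target directory.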


Technical Details

Data Version
5.2
Assigner Short Name
mitre
Date Reserved
2024-08-21T00:00:00.000Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 698f5d11c9e1ff5ad84e3934

Added to database: 2/13/2026, 5:19:13 PM

Last enriched: 2/13/2026, 5:33:52 PM

Last updated: 2/13/2026, 6:21:58 PM
