CVE-2025-14607 is a memory corruption vulnerability identified in the OFFIS DCMTK library, a widely used open-source toolkit for handling DICOM (Digital Imaging and Communications in Medicine) files. The flaw resides in the function DcmByteString::makeDicomByteString within the dcmdata component (file dcmdata/libsrc/dcbytstr.cc). This function improperly handles certain input data, leading to memory corruption when processing crafted DICOM byte strings. The vulnerability can be exploited remotely without requiring authentication or user interaction, making it a network-exploitable flaw. The CVSS 4.0 base score of 5.3 reflects a medium severity, considering the attack vector is network-based with low attack complexity and no privileges required, but with limited impact on confidentiality, integrity, and availability. The vulnerability does not require user interaction and affects all DCMTK versions from 3.6.0 through 3.6.9. The issue was patched in version 3.7.0, with the fix identified by commit 4c0e5c10079392c594d6a7abd95dd78ac0aa556a. While no known exploits are currently in the wild, the potential for denial of service or limited code execution exists if exploited. Given DCMTK's role in medical imaging workflows, successful exploitation could disrupt healthcare operations or compromise patient data integrity.

For European organizations, particularly those in the healthcare sector, this vulnerability poses a risk to the confidentiality, integrity, and availability of medical imaging data. Exploitation could lead to denial of service conditions, interrupting diagnostic workflows and potentially delaying critical patient care. Although the impact on confidentiality and integrity is rated low, any disruption in medical imaging systems can have serious operational consequences. The vulnerability's remote exploitability without authentication increases the risk of attacks originating from external threat actors. Healthcare providers using DCMTK in PACS (Picture Archiving and Communication Systems) or other medical imaging software are especially vulnerable. Additionally, regulatory compliance frameworks such as GDPR and medical device regulations in Europe emphasize the protection of patient data and system availability, making timely remediation critical to avoid legal and reputational repercussions.

European healthcare organizations should prioritize upgrading all instances of DCMTK to version 3.7.0 or later to apply the official patch. Network segmentation should be employed to isolate medical imaging systems from untrusted networks, reducing exposure to remote attacks. Implement strict access controls and monitor network traffic for anomalous activity targeting DICOM services. Employ application-layer firewalls or DICOM-aware security gateways to filter and validate incoming DICOM data streams. Regularly audit and update all medical imaging software dependencies to ensure vulnerabilities are promptly addressed. Additionally, incorporate vulnerability scanning and penetration testing focused on medical imaging infrastructure to detect potential exploitation attempts. Establish incident response plans specific to medical device and imaging system compromises to minimize operational impact.