CVE-2025-27578 is a high-severity vulnerability identified in Pixmeo's OsiriX MD, a medical imaging software widely used for viewing and processing DICOM (Digital Imaging and Communications in Medicine) files. The vulnerability is classified as a Use After Free (CWE-416) flaw, which occurs when the software improperly handles memory by accessing or manipulating memory after it has been freed. Specifically, an attacker can craft a malicious DICOM file that, when loaded by OsiriX MD, triggers memory corruption due to this use after free condition. This memory corruption can lead to a denial-of-service (DoS) condition, causing the application to crash or become unresponsive. The vulnerability does not require any user interaction, privileges, or authentication to exploit, and can be triggered remotely by simply opening or processing the malicious DICOM file. The CVSS v4.0 base score is 8.7, reflecting a high severity due to the ease of exploitation (network vector, no privileges or user interaction required) and the significant impact on availability. No known exploits are currently reported in the wild, and no patches have been released yet. The vulnerability was reserved in early April 2025 and published in May 2025, indicating it is a recent discovery. Given OsiriX MD's role in medical imaging workflows, this vulnerability poses a critical risk to healthcare environments relying on this software for diagnostic imaging and patient care.

For European organizations, particularly healthcare providers, hospitals, and medical research institutions, this vulnerability presents a significant risk. OsiriX MD is used extensively in medical imaging departments to view and analyze DICOM files from various imaging modalities such as MRI, CT, and X-ray. Exploitation could lead to denial-of-service conditions, disrupting critical diagnostic workflows and potentially delaying patient care. The inability to access or process imaging data could impact clinical decision-making and treatment timelines. Moreover, while the current vulnerability is limited to DoS, memory corruption issues sometimes can be escalated to code execution in future variants or related flaws, raising concerns about confidentiality and integrity of sensitive patient data. Disruptions could also affect compliance with European healthcare regulations such as GDPR and the Medical Device Regulation (MDR), which mandate availability and integrity of medical data. Additionally, the lack of authentication or user interaction needed for exploitation increases the threat surface, as attackers could remotely target exposed systems processing DICOM files, including those receiving files from external sources or networks.

Given the absence of an official patch, European organizations should implement immediate compensating controls. First, restrict and monitor the sources of incoming DICOM files, especially those from external or untrusted networks, to prevent malicious files from reaching OsiriX MD systems. Employ network segmentation to isolate medical imaging systems from general enterprise networks and the internet. Use file integrity monitoring and sandboxing solutions to analyze DICOM files before they are opened in OsiriX MD, detecting anomalous or malformed files. Enable strict access controls and logging on systems running OsiriX MD to detect and respond to suspicious activity promptly. Regularly back up critical imaging data and system configurations to enable rapid recovery in case of DoS incidents. Maintain up-to-date antivirus and endpoint detection and response (EDR) solutions capable of identifying exploitation attempts. Finally, monitor Pixmeo’s official channels for patches or updates addressing this vulnerability and plan for immediate deployment once available. Consider engaging with cybersecurity incident response teams specialized in healthcare environments to prepare for potential exploitation scenarios.