
CVE-2025-31946: CWE-416 Use After Free in Pixmeo OsiriX MD

Severity: Medium
Tags: Vulnerability, CVE-2025-31946, CWE-416
Published: Thu May 08 2025 (05/08/2025, 22:41:00 UTC)
Source: CVE
Vendor/Project: Pixmeo
Product: OsiriX MD

Description

Pixmeo OsiriX MD is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption or a system crash.

AI-Powered Analysis

Last updated: 07/05/2025, 02:55:26 UTC

Technical Analysis

CVE-2025-31946 is a use-after-free vulnerability in Pixmeo's OsiriX MD, a medical imaging application widely used to view and process DICOM files. The flaw is triggered when a specially crafted DICOM file is imported locally: the application frees a memory object and later continues to use it, which corrupts memory or crashes the application or system. Exploitation requires local access to the system; no authentication or user interaction is needed beyond importing the malicious file. The CVSS 4.0 base score is 6.9 (medium severity), reflecting the local attack vector but a high impact on availability from potential system crashes or memory corruption. The weakness is classified as CWE-416 (Use After Free), a bug class that can typically be used to manipulate program flow or cause a denial of service. No exploits in the wild are currently known, and no patches have been published yet. The affected versions are not specifically detailed; the vulnerability is reported against OsiriX MD generally. Because the software is used primarily in medical environments for diagnostic imaging, the vulnerability poses a risk to the stability and reliability of critical healthcare systems if exploited.

Potential Impact

For European organizations, particularly healthcare providers and medical research institutions relying on OsiriX MD for diagnostic imaging, this vulnerability could disrupt clinical workflows by causing application crashes or system instability. Such disruptions may delay patient diagnosis and treatment, impacting patient safety and care quality. Additionally, memory corruption could potentially be leveraged for further exploitation, although no evidence currently suggests remote exploitation or privilege escalation. The local attack requirement limits the threat to insiders or attackers with physical or remote access to the system. However, given the sensitive nature of medical data and the critical role of imaging software, even temporary denial of service or system instability can have significant operational and reputational consequences. Compliance with EU regulations such as GDPR and the Medical Device Regulation (MDR) also means that organizations must address such vulnerabilities promptly to avoid regulatory penalties.

Mitigation Recommendations

European healthcare organizations should implement strict access controls to limit who can import DICOM files into OsiriX MD, ensuring only trusted personnel handle such files. Network segmentation and endpoint security measures should be enforced to prevent unauthorized local access. Regular monitoring for abnormal application behavior or crashes can help detect exploitation attempts early. Until an official patch is released, organizations could consider isolating systems running OsiriX MD from untrusted networks and disabling or restricting the import of external DICOM files where feasible. Additionally, maintaining up-to-date backups and incident response plans tailored to medical imaging systems will reduce downtime impact. Coordination with Pixmeo for timely patch deployment and applying any available vendor mitigations as soon as they are released is critical. Finally, conducting user training to raise awareness about the risks of importing unverified DICOM files can reduce accidental exposure.


Technical Details

Data Version: 5.1
Assigner Short Name: icscert
Date Reserved: 2025-04-03T20:57:04.892Z
CISA Enriched: true
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 682d9818c4522896dcbd7aed

Added to database: 5/21/2025, 9:08:40 AM

Last enriched: 7/5/2025, 2:55:26 AM

Last updated: 8/17/2025, 7:12:21 PM
