CVE-2025-31946: CWE-416 Use After Free in Pixmeo OsiriX MD
Pixmeo OsiriX MD is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption or a system crash.
AI Analysis
Technical Summary
CVE-2025-31946 is a use-after-free vulnerability in Pixmeo's OsiriX MD, a medical imaging application widely used for viewing and processing DICOM files. The flaw is triggered when an attacker with local access imports a specially crafted DICOM file: the import path hits a use-after-free condition in the application's memory management, which can corrupt memory or crash the system. No authentication or user interaction is required beyond importing the malicious file, but the vulnerability is only exploitable locally, so an attacker must already have access to the system. The CVSS 4.0 base score is 6.9 (medium severity), reflecting the local attack vector combined with a high impact on availability from crashes or memory corruption. The vulnerability is categorized under CWE-416 (Use After Free), a class that typically allows attackers to alter program control flow or cause denial of service. No exploits are currently known in the wild and no patch has been published. Affected versions are not specified; the advisory applies to OsiriX MD generally. Because the software is used primarily in medical environments for diagnostic imaging, the vulnerability threatens the stability and reliability of critical healthcare systems if exploited.
Potential Impact
For European organizations, particularly healthcare providers and medical research institutions that rely on OsiriX MD for diagnostic imaging, this vulnerability could disrupt clinical workflows through application crashes or system instability. Such disruptions may delay patient diagnosis and treatment, affecting patient safety and care quality. Memory corruption could in principle be leveraged for further exploitation, although there is currently no evidence of remote exploitation or privilege escalation. The local attack requirement limits the threat to insiders or attackers who already have physical or remote access to the system. However, given the sensitivity of medical data and the critical role of imaging software, even a temporary denial of service or period of instability can have significant operational and reputational consequences. Compliance with EU regulations such as GDPR and the Medical Device Regulation (MDR) also means that organizations must address such vulnerabilities promptly to avoid regulatory penalties.
Mitigation Recommendations
European healthcare organizations should implement strict access controls that limit who can import DICOM files into OsiriX MD, so that only trusted personnel handle such files. Network segmentation and endpoint security measures should be enforced to prevent unauthorized local access. Regular monitoring for abnormal application behavior or crashes can help detect exploitation attempts early. Until an official patch is released, organizations should consider isolating systems running OsiriX MD from untrusted networks and disabling or restricting the import of external DICOM files where feasible. Maintaining up-to-date backups and incident response plans tailored to medical imaging systems will reduce the impact of downtime. Coordinating with Pixmeo for timely patch deployment, and applying any vendor mitigations as soon as they are released, is critical. Finally, user training on the risks of importing unverified DICOM files can reduce accidental exposure.
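One concrete way to restrict the import of external DICOM files is a quarantine step that rejects any file whose DICOM Part 10 header is malformed or whose transfer syntax is not on an allow-list before the file reaches the imaging workstation. The script below is an added example, not Pixmeo's code and not a fix for this CVE; the allow-list, the sample-file builder and the UIDs in the constructed sample are assumptions made for the illustration.

```python
import struct

# Constructed allow-list for the gate (not an OsiriX setting): implicit and explicit VR little endian.
ALLOWED_TRANSFER_SYNTAXES = {"1.2.840.10008.1.2", "1.2.840.10008.1.2.1"}
LONG_VRS = {b"OB", b"OW", b"OF", b"SQ", b"UT", b"UN"}  # VRs that use a 4-byte length field

def encode_element(group, element, vr, value):
    """Encode one explicit-VR little-endian data element (only used to build constructed samples)."""
    if len(value) % 2:
        value += b"\x00"  # UI and OB values are padded to even length with NUL
    header = struct.pack("<HH", group, element) + vr
    if vr in LONG_VRS:
        return header + b"\x00\x00" + struct.pack("<I", len(value)) + value
    return header + struct.pack("<H", len(value)) + value

def build_sample(transfer_syntax):
    """Constructed minimal Part 10 file: 128-byte preamble, 'DICM', file meta group, a few dataset bytes."""
    meta = (encode_element(0x0002, 0x0001, b"OB", b"\x00\x01")
            + encode_element(0x0002, 0x0002, b"UI", b"1.2.840.10008.5.1.4.1.1.2")  # CT Image Storage
            + encode_element(0x0002, 0x0003, b"UI", b"1.2.3.4.5")  # placeholder instance UID
            + encode_element(0x0002, 0x0010, b"UI", transfer_syntax.encode()))
    group_len = encode_element(0x0002, 0x0000, b"UL", struct.pack("<I", len(meta)))
    return b"\x00" * 128 + b"DICM" + group_len + meta + b"\x00" * 16

def check_dicom_header(data):
    """Return (ok, reason). Walks only the file meta group (0002,xxxx) and refuses anything malformed."""
    if len(data) < 132 or data[128:132] != b"DICM":
        return False, "missing DICM magic"
    pos, transfer_syntax = 132, None
    while pos + 8 <= len(data):
        group, element = struct.unpack_from("<HH", data, pos)
        if group != 0x0002:
            break  # end of file meta group; the dataset proper is not inspected here
        vr = data[pos + 4:pos + 6]
        if vr in LONG_VRS:
            if pos + 12 > len(data):
                return False, "truncated element header"
            length, pos = struct.unpack_from("<I", data, pos + 8)[0], pos + 12
        else:
            length, pos = struct.unpack_from("<H", data, pos + 6)[0], pos + 8
        if length > len(data) - pos:  # declared length must fit inside the file
            return False, "declared length %d exceeds file at (%04X,%04X)" % (length, group, element)
        if (group, element) == (0x0002, 0x0010):
            transfer_syntax = data[pos:pos + length].rstrip(b"\x00").decode("ascii", "replace")
        pos += length
    if transfer_syntax is None:
        return False, "no transfer syntax in file meta group"
    if transfer_syntax not in ALLOWED_TRANSFER_SYNTAXES:
        return False, "transfer syntax %s not on allow-list" % transfer_syntax
    return True, "ok"
```

A structural gate like this only rejects files that fail basic Part 10 sanity or carry an unexpected encoding; it narrows what reaches the import path but does not replace the vendor patch.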
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium, Switzerland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: icscert
- Date Reserved: 2025-04-03T20:57:04.892Z
- Cisa Enriched: true
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 682d9818c4522896dcbd7aed
Added to database: 5/21/2025, 9:08:40 AM
Last enriched: 7/5/2025, 2:55:26 AM
Last updated: 8/17/2025, 7:12:21 PM