CVE-2025-3482: CWE-121: Stack-based Buffer Overflow in MedDream PACS Server

Critical
Tags: Vulnerability, CVE-2025-3482, CWE-121
Published: Thu May 22 2025 (05/22/2025, 00:51:20 UTC)
Source: CVE
Vendor/Project: MedDream
Product: PACS Server

Description

MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DICOM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-25826.

AI-Powered Analysis

AI analysis last updated: 07/07/2025, 10:42:39 UTC

Technical Analysis

CVE-2025-3482 is a critical security vulnerability identified in MedDream PACS Server, specifically version 7.3.3.840. The vulnerability is a stack-based buffer overflow (CWE-121) that arises during the parsing of DICOM files, which are standard medical imaging data formats. The root cause is the lack of proper validation of the length of user-supplied data before copying it into a fixed-length buffer on the stack. This flaw allows an attacker to overflow the buffer, potentially overwriting the stack memory and enabling arbitrary code execution. Notably, exploitation does not require authentication or user interaction, and the attacker can execute code with the privileges of the service account running the PACS server. Given the nature of the vulnerability, an attacker can remotely send a crafted DICOM file to the server, triggering the overflow and gaining control over the system. The vulnerability has a CVSS v3.0 score of 9.8, indicating critical severity with high impact on confidentiality, integrity, and availability. The vulnerability was reported by the Zero Day Initiative (ZDI) as ZDI-CAN-25826 and was publicly disclosed on May 22, 2025. No known exploits are currently reported in the wild, and no official patches have been linked yet. MedDream PACS Server is a medical imaging archive and communication system widely used in healthcare environments to store and manage medical images. The vulnerability poses a significant risk to healthcare organizations relying on this product for critical patient data management.
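The advisory names the bug class but not the code. The following added example (not MedDream's code, and not derived from it) shows the shape of the defect in a minimal explicit-VR little-endian DICOM data element reader: the 16-bit length field of an element such as Patient's Name (0010,0010) comes from the file, and copying that many bytes into a fixed-size stack buffer without comparing the length to the buffer size is the CWE-121 pattern described above. The element layout, the 64-byte buffer size and the function names are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed minimal explicit-VR little-endian DICOM data element (short form):
 * group(2) element(2) VR(2) length(2) value(length bytes). */
#define DCM_HDR_LEN 8
#define NAME_BUF    64   /* illustrative fixed-size stack buffer, not the product's */

enum { DCM_OK = 0, DCM_ERR_SHORT = -1, DCM_ERR_TOOLONG = -2, DCM_ERR_TRUNC = -3 };

/* Builds a constructed (0010,0010) PN element into dst; returns bytes written, 0 on error. */
size_t dcm_build_pn(uint8_t *dst, size_t dst_sz, const void *value, uint16_t len) {
    if (dst_sz < DCM_HDR_LEN + (size_t)len) return 0;
    const uint8_t hdr[DCM_HDR_LEN] = { 0x10, 0x00, 0x10, 0x00, 'P', 'N',
                                       (uint8_t)(len & 0xff), (uint8_t)(len >> 8) };
    memcpy(dst, hdr, DCM_HDR_LEN);
    memcpy(dst + DCM_HDR_LEN, value, len);
    return DCM_HDR_LEN + len;
}

/* Copies one element's value into a caller-supplied fixed-size buffer.
 * The unchecked pattern the advisory describes is a bare
 *     memcpy(out, elem + DCM_HDR_LEN, len);
 * with no comparison of len against out_sz: a declared length of up to 65535
 * then overruns a 64-byte stack buffer. The two checks below are what it lacks. */
int dcm_read_value(const uint8_t *elem, size_t avail, char *out, size_t out_sz) {
    if (avail < DCM_HDR_LEN || out_sz == 0) return DCM_ERR_SHORT;
    uint16_t len = (uint16_t)(elem[6] | ((uint16_t)elem[7] << 8));
    if (len >= out_sz) return DCM_ERR_TOOLONG;            /* declared length vs buffer size */
    if (len > avail - DCM_HDR_LEN) return DCM_ERR_TRUNC;  /* declared length vs bytes present */
    memcpy(out, elem + DCM_HDR_LEN, len);
    out[len] = '\0';
    return DCM_OK;
}

/* Builds a PN element whose value is len bytes of 'A', parses it into a
 * NAME_BUF-sized stack buffer and returns the parser's verdict. */
int dcm_verdict_for_len(uint16_t len) {
    uint8_t value[300], elem[DCM_HDR_LEN + sizeof value];
    char name[NAME_BUF];                 /* the fixed-length stack buffer */
    if (len > sizeof value) return DCM_ERR_SHORT;
    memset(value, 'A', len);
    size_t n = dcm_build_pn(elem, sizeof elem, value, len);
    return dcm_read_value(elem, n, name, sizeof name);
}
```

The same length-versus-buffer and length-versus-bytes-present checks are what a DICOM-aware inspection filter would apply to flag elements whose declared length exceeds what the receiver can hold.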

Potential Impact

For European organizations, particularly healthcare providers, this vulnerability presents a severe risk. Successful exploitation could lead to full system compromise of the PACS server, allowing attackers to access, modify, or delete sensitive patient imaging data, violating patient confidentiality and data protection regulations such as GDPR. The integrity of medical records could be compromised, potentially leading to misdiagnosis or treatment errors. Availability of the PACS service could also be disrupted, impacting clinical workflows and patient care. Given the critical nature of healthcare infrastructure and the reliance on PACS systems for diagnostic imaging, this vulnerability could have cascading effects on hospital operations. Furthermore, the lack of authentication requirement lowers the barrier for attackers, increasing the likelihood of exploitation attempts. European healthcare organizations are subject to strict regulatory compliance and breach notification requirements, so exploitation could also result in significant legal and financial consequences.

Mitigation Recommendations

Immediate mitigation steps include isolating the MedDream PACS Server from untrusted networks and restricting access to trusted medical network segments only. Network-level filtering should be applied to block or closely monitor incoming DICOM traffic from external or untrusted sources. Implementing strict ingress filtering and deep packet inspection for DICOM files can help detect malformed or suspicious payloads. Organizations should monitor network and system logs for unusual activity related to DICOM file processing. Until an official patch is released, consider deploying virtual patching via intrusion prevention systems (IPS) that can detect and block exploitation attempts targeting this buffer overflow. Additionally, running the PACS server with the least privilege possible and employing application sandboxing or containerization can limit the impact of a successful exploit. Regular backups of PACS data should be maintained to ensure recovery in case of data corruption or ransomware attacks. Finally, organizations should stay alert for vendor advisories and apply patches as soon as they become available.

Technical Details

Data Version: 5.1
Assigner Short Name: zdi
Date Reserved: 2025-04-09T20:35:53.417Z
CISA Enriched: false
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 682e78df0acd01a24925320c

Added to database: 5/22/2025, 1:07:43 AM

Last enriched: 7/7/2025, 10:42:39 AM

Last updated: 8/15/2025, 10:05:38 AM
