CVE-2025-3484: CWE-121: Stack-based Buffer Overflow in MedDream PACS Server
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DICOM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-25853.
AI Analysis
Technical Summary
CVE-2025-3484 is a critical vulnerability in MedDream PACS Server; this analysis identifies version 7.3.3.840 of the MedDream PACS Premium product as affected. It is a stack-based buffer overflow (CWE-121) in the parsing of DICOM files, the standard format in which medical images are exchanged between imaging modalities, PACS servers and viewers. The root cause is that the length of a user-supplied field is not validated before the data is copied into a fixed-length buffer on the stack, so an oversized field overruns the buffer and can overwrite adjacent stack memory, including saved return addresses, which is the classic path to arbitrary code execution. No authentication or user interaction is needed: a PACS server receives DICOM objects over the network (typically via DICOM C-STORE from modalities, or via upload), and a DICOM association identifies peers by AE title rather than by credentials, so anyone who can reach the listener can deliver a crafted file to the parser. The CVSS 3.0 score is 9.8 (critical), reflecting network reachability, low attack complexity and full impact on confidentiality, integrity and availability. Code runs with the privileges of the PACS service account, so a successful exploit can compromise the host, exfiltrate imaging data or disrupt imaging services. The issue was reported through the Zero Day Initiative as ZDI-CAN-25853 and was published on May 22, 2025. At the time of this analysis no public exploit is known and no patch is linked, which makes compensating controls urgent.
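The unchecked-length copy described above, as an added example (not MedDream's code): a minimal C parser for one explicit-VR little-endian DICOM data element, first in the vulnerable shape and then with the checks that close it. The element layout is real DICOM, but the 64-byte buffer, the function names, the `build_element` helper and the sample bytes are constructed for illustration; nothing here is known about the actual vulnerable function in the product.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not MedDream code. Models one explicit-VR little-endian
 * DICOM element with a 2-byte length (VRs such as PN, LO, SH):
 *     group(2) | element(2) | VR(2) | length(2) | value(length)
 * The value goes into a fixed 64-byte buffer; the length comes from the file. */
#define VALUE_BUF 64
#define ELEM_HDR  8

typedef struct {
    uint16_t group, element;
    char     vr[3];
    uint16_t length;
    char     value[VALUE_BUF];   /* fixed-length buffer on the caller's stack */
} dicom_element;

static uint16_t rd16le(const uint8_t *p) { return (uint16_t)(p[0] | ((uint16_t)p[1] << 8)); }

static void read_header(const uint8_t *buf, dicom_element *e)
{
    e->group   = rd16le(buf);
    e->element = rd16le(buf + 2);
    e->vr[0] = (char)buf[4]; e->vr[1] = (char)buf[5]; e->vr[2] = '\0';
    e->length  = rd16le(buf + 6);
}

/* CWE-121 pattern: the declared length is the memcpy size, unchecked against
 * the destination or the bytes present; 65535 bytes land in a 64-byte buffer.
 * Kept to show the shape of the bug; never call it on untrusted input. */
bool parse_element_unsafe(const uint8_t *buf, size_t buflen, dicom_element *e)
{
    if (buflen < ELEM_HDR)
        return false;
    read_header(buf, e);
    memcpy(e->value, buf + ELEM_HDR, e->length);      /* no bounds check */
    e->value[e->length] = '\0';
    return true;
}

/* Hardened form: the declared length must fit the bytes actually present and
 * the destination (leaving room for the terminator) before any copy. */
bool parse_element_safe(const uint8_t *buf, size_t buflen, dicom_element *e)
{
    if (buflen < ELEM_HDR)
        return false;
    read_header(buf, e);
    if (e->length > buflen - ELEM_HDR)      /* truncated: length exceeds file */
        return false;
    if (e->length >= sizeof e->value)       /* would overflow the buffer */
        return false;
    memcpy(e->value, buf + ELEM_HDR, e->length);
    e->value[e->length] = '\0';
    return true;
}

/* Walks consecutive elements with the safe parser; one bad element rejects
 * the whole dataset. Returns the element count, or -1. */
int parse_dataset(const uint8_t *buf, size_t buflen, dicom_element *out, size_t max)
{
    size_t off = 0, n = 0;
    while (off < buflen) {
        if (n == max || !parse_element_safe(buf + off, buflen - off, &out[n]))
            return -1;
        off += ELEM_HDR + out[n++].length;
    }
    return (int)n;
}

/* Constructed sample: (0010,0010) PatientName, VR PN, length 8, "DOE^JOHN". */
const uint8_t SAMPLE_GOOD[] = {
    0x10, 0x00, 0x10, 0x00, 'P', 'N', 0x08, 0x00,
    'D', 'O', 'E', '^', 'J', 'O', 'H', 'N'
};

/* Builds a PatientName element whose declared length and actual payload size
 * may differ, to exercise the truncation and overflow checks. */
size_t build_element(uint8_t *out, size_t cap, uint16_t declared_len, size_t present_len)
{
    static const uint8_t hdr[6] = { 0x10, 0x00, 0x10, 0x00, 'P', 'N' };
    if (cap < ELEM_HDR + present_len)
        return 0;
    memcpy(out, hdr, sizeof hdr);
    out[6] = (uint8_t)(declared_len & 0xFF);
    out[7] = (uint8_t)(declared_len >> 8);
    memset(out + ELEM_HDR, 'A', present_len);
    return ELEM_HDR + present_len;
}

int main(void)
{
    uint8_t buf[256];
    dicom_element e;
    size_t n = build_element(buf, sizeof buf, 0xFFFF, 32);   /* claims 65535, has 32 */
    parse_element_safe(SAMPLE_GOOD, sizeof SAMPLE_GOOD, &e);
    printf("(%04X,%04X) %s \"%s\"\n", (unsigned)e.group, (unsigned)e.element, e.vr, e.value);
    printf("declared 65535, present 32: %s\n", parse_element_safe(buf, n, &e) ? "accepted" : "rejected");
    return 0;
}
```

Both checks in parse_element_safe are needed: comparing the declared length against the bytes remaining catches a truncated file (an out-of-bounds read), and comparing it against the destination catches the overflow itself; a length that is consistent with the file but larger than the buffer is exactly the case the vulnerable version misses. parse_dataset rejects the whole object on the first bad element rather than stopping silently, so a crafted file is not partially ingested.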
Potential Impact
For European healthcare organizations the impact could be severe. PACS servers store and manage the medical imaging data on which diagnosis and treatment depend, so a compromise touches patient safety as well as data protection. Unauthorized access to imaging data is a personal-data breach under GDPR, with the associated notification duties and penalties. Disruption or manipulation of images could lead to misdiagnosis or delayed treatment, and in an acute-care setting downtime of imaging services can be life-threatening. Because the flaw gives unauthenticated remote code execution on a server that sits inside the clinical network, it is also a convenient foothold for lateral movement and for ransomware deployment across the hospital. The absence of a known public exploit leaves a window for proactive defence, but the severity means that window should not be relied on for long.
Mitigation Recommendations
No official patch is linked at the time of this analysis, so compensating controls come first. Put the PACS server in its own network segment and allow inbound connections to its DICOM listener (commonly TCP 104 or 11112) and to any web or administrative interface it exposes only from known modalities, workstations and integration systems, by source address; restrict outbound connections from the server as well, so a compromised host cannot easily reach the rest of the hospital network or the internet. Note that a DICOM association identifies peers by AE title, which is not authentication, so address-based allow-listing is what actually limits who can deliver a file to the parser. Where the product offers it, restrict DICOM file submission (network receive and upload) to authenticated and authorized sources. Generic perimeter filtering cannot tell a benign DICOM element from one with an out-of-range length; IDS/IPS signatures for this CVE, once available, and a DICOM-aware gateway are the only network-level controls that inspect the content, so treat them as supplementary rather than sufficient. Monitor the PACS service for crashes and unexpected restarts, which is how a failed overflow attempt typically shows up, together with DICOM and web access logs for connections from unexpected peers. Run the service under a dedicated account with the least privileges it needs (no local administrator or domain privileges) and keep the host's exploit mitigations such as DEP and ASLR enabled to raise the cost of turning the overflow into code execution. Keep tested, offline or immutable backups of PACS data so imaging can be restored after a ransomware event. Finally, ask the vendor for a patch timeline and apply the fix as soon as it is released.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2025-04-09T20:36:02.450Z
- Cisa Enriched: false
- Cvss Version: 3.0
- State: PUBLISHED
Threat ID: 682e78df0acd01a249253210
Added to database: 5/22/2025, 1:07:43 AM
Last enriched: 7/7/2025, 10:43:09 AM
Last updated: 8/16/2025, 2:08:46 PM
Related Threats
- CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server (High)
- CVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)
- CVE-2025-54759: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)