CVE-2025-35975: CWE-787 Out-of-bounds Write in MicroDicom DICOM Viewer
MicroDicom DICOM Viewer is vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code. The user must open a malicious DCM file for exploitation.
AI Analysis
Technical Summary
CVE-2025-35975 is a high-severity vulnerability identified in the MicroDicom DICOM Viewer, a software application used for viewing medical images in the DICOM (Digital Imaging and Communications in Medicine) format. The vulnerability is classified as CWE-787, an out-of-bounds write, which occurs when the software writes data outside the boundaries of allocated memory buffers. This type of flaw can corrupt memory, potentially allowing an attacker to execute arbitrary code on the affected system. Exploitation requires the user to open a specially crafted malicious DICOM (.DCM) file, which triggers the out-of-bounds write condition. The vulnerability has a CVSS v3.1 base score of 8.8, indicating high severity, with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This means the attack can be performed remotely over the network without privileges but requires user interaction (opening the malicious file). The impact includes full compromise of confidentiality, integrity, and availability of the affected system. No patches or fixes have been published at the time of disclosure, and no known exploits are currently observed in the wild. The vulnerability affects version 0 of the MicroDicom DICOM Viewer, which likely refers to an initial or early release version. Given the nature of the software, primarily used in medical environments for diagnostic imaging, the risk is significant for healthcare providers and related organizations that rely on this viewer for patient care and medical image analysis.
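As an added illustration of the CWE-787 class described above, not MicroDicom's code and not the specific flaw behind this CVE (the advisory does not say which element triggers it), the block below walks DICOM explicit-VR little-endian data elements in C: each element length is read from the file, and copying the value before checking that length against both the remaining input and the destination buffer is the out-of-bounds write pattern. dcm_walk, check_sample and the result codes are names invented here; the sample file is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Result codes for the walk (constructed for this example). */
enum { DCM_BAD_MAGIC = -1, DCM_TRUNCATED = -2, DCM_VALUE_TOO_LONG = -3, DCM_UNSUPPORTED = -4 };
static uint32_t rd16(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (rd16(p + 2) << 16); }
/* VRs whose element header carries 2 reserved bytes and a 4-byte length. */
static int long_vr(const uint8_t *vr) {
    static const char *const l[] = {"OB", "OW", "OF", "SQ", "UN", "UT"};
    for (size_t i = 0; i < sizeof l / sizeof l[0]; i++)
        if (memcmp(vr, l[i], 2) == 0) return 1;
    return 0;
}
/* Walk the explicit-VR little-endian elements after the 128-byte preamble and
 * "DICM" marker, copying each value into the caller's scratch buffer. Returns
 * the element count or a negative code. The CWE-787 pattern the advisory names
 * is this same loop with the memcpy done before the two length checks below. */
int dcm_walk(const uint8_t *buf, size_t len, uint8_t *scratch, size_t scratch_len) {
    if (len < 132 || memcmp(buf + 128, "DICM", 4) != 0) return DCM_BAD_MAGIC;
    size_t off = 132;
    int count = 0;
    while (off < len) {
        if (len - off < 8) return DCM_TRUNCATED;             /* shortest header */
        const uint8_t *vr = buf + off + 4;
        size_t hdr = long_vr(vr) ? 12 : 8;
        if (len - off < hdr) return DCM_TRUNCATED;
        uint32_t vlen = hdr == 12 ? rd32(buf + off + 8) : rd16(buf + off + 6);
        if (vlen == 0xFFFFFFFFu) return DCM_UNSUPPORTED;     /* undefined length / sequences */
        if (vlen > len - off - hdr) return DCM_TRUNCATED;    /* value runs past the file */
        if (vlen > scratch_len) return DCM_VALUE_TOO_LONG;   /* value would overflow scratch */
        memcpy(scratch, buf + off + hdr, vlen);              /* both bounds verified */
        off += hdr + vlen;
        count++;
    }
    return count;
}
/* Constructed sample (not a real DCM): preamble, "DICM", (0008,0016) UI "1.2."
 * and a (7FE0,0010) OB element whose header claims `claimed` bytes but only 4 follow. */
int check_sample(uint32_t claimed, size_t scratch_len) {
    uint8_t f[160] = {0}, scratch[256];
    memcpy(f + 128, "DICM", 4);
    memcpy(f + 132, "\x08\x00\x16\x00UI\x04\x00" "1.2.", 12);
    memcpy(f + 144, "\xe0\x7f\x10\x00OB\x00\x00", 8);
    for (int i = 0; i < 4; i++) f[152 + i] = (uint8_t)(claimed >> (8 * i));
    memcpy(f + 156, "\x01\x02\x03\x04", 4);
    return dcm_walk(f, sizeof f, scratch, scratch_len);
}
```

The walk stops at undefined-length elements rather than descending into sequences, so a real viewer needs the same checks applied recursively to every nested item.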
Potential Impact
For European organizations, especially those in the healthcare sector, this vulnerability poses a critical risk. Medical imaging systems are integral to diagnostics and treatment planning, and compromise of these systems can lead to unauthorized access to sensitive patient data, alteration or destruction of medical images, and disruption of clinical workflows. An attacker exploiting this vulnerability could execute arbitrary code, potentially gaining control over the host system, which may be connected to hospital networks and other critical infrastructure. This could result in data breaches violating GDPR regulations, operational downtime affecting patient care, and reputational damage. Furthermore, since the vulnerability requires user interaction (opening a malicious file), targeted phishing or social engineering campaigns could be used to deliver the exploit. The lack of available patches increases the window of exposure, making timely mitigation essential. The impact extends beyond confidentiality to include integrity and availability, which are crucial in medical contexts where data accuracy and system uptime are vital.
Mitigation Recommendations
- Implement strict email and file filtering controls to block or quarantine unsolicited DICOM files from untrusted sources, reducing the risk of malicious file delivery.
- Educate healthcare staff and users of MicroDicom DICOM Viewer on the risks of opening files from unknown or untrusted origins, emphasizing verification of file provenance before opening.
- Isolate systems running MicroDicom DICOM Viewer from broader hospital networks using network segmentation and access controls to limit potential lateral movement if exploitation occurs.
- Monitor network traffic and system logs for unusual activity related to DICOM file handling or unexpected process behavior indicative of exploitation attempts.
- Consider deploying endpoint detection and response (EDR) solutions capable of detecting memory corruption exploits and anomalous code execution patterns.
- If possible, temporarily restrict or disable the use of MicroDicom DICOM Viewer until a vendor patch or update is released, or use alternative, patched DICOM viewers.
- Maintain up-to-date backups of critical medical imaging data and system configurations to enable recovery in case of compromise or ransomware attacks following exploitation.
- Engage with MicroDicom vendor support channels to obtain information on forthcoming patches or mitigations and apply updates promptly once available.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium, Poland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: icscert
- Date Reserved: 2025-04-28T16:40:48.824Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d9839c4522896dcbec6c9
Added to database: 5/21/2025, 9:09:13 AM
Last enriched: 6/25/2025, 9:12:29 PM
Last updated: 1/7/2026, 4:23:50 AM