CVE-2025-36521: CWE-125 Out-of-bounds Read in MicroDicom DICOM Viewer
MicroDicom DICOM Viewer is vulnerable to an out-of-bounds read which may allow an attacker to cause memory corruption within the application. The user must open a malicious DCM file for exploitation.
AI Analysis
Technical Summary
CVE-2025-36521 is a high-severity vulnerability identified in the MicroDicom DICOM Viewer, a software application used for viewing medical imaging files in the DICOM format. The vulnerability is classified as CWE-125, indicating an out-of-bounds read flaw. This type of vulnerability occurs when the application reads data outside the boundaries of allocated memory buffers, potentially leading to memory corruption. In this case, exploitation requires a user to open a specially crafted malicious DICOM (.DCM) file. Once triggered, the out-of-bounds read can cause the application to access invalid memory regions, which may result in application crashes, data leakage, or could be leveraged by an attacker to execute arbitrary code or escalate privileges within the context of the vulnerable application. The CVSS v3.1 base score of 8.8 reflects the high impact on confidentiality, integrity, and availability, with network attack vector, low attack complexity, no privileges required, but user interaction needed (opening the malicious file). No patches have been published yet, and there are no known exploits in the wild at the time of reporting. The vulnerability affects all versions of MicroDicom DICOM Viewer as indicated by the affectedVersions field. Given the critical role of DICOM viewers in healthcare environments for diagnostic imaging, this vulnerability poses a significant risk to the confidentiality and integrity of sensitive medical data and the availability of diagnostic tools.
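The advisory does not say which DICOM field MicroDicom mishandles, so the following is a generic illustration of the bug class rather than the actual defect: an added example, not MicroDicom's code, showing a bounds-checked walker for DICOM Part 10 File Meta elements in which every file-supplied length is compared against the bytes remaining before it is trusted. The sample buffer is constructed here and is not a trigger for this CVE; undefined-length (0xFFFFFFFF) sequences are deliberately rejected rather than parsed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Outcome of validating a DICOM Part 10 buffer before any element value is used. */
enum dcm_status { DCM_OK = 0, DCM_BAD_MAGIC, DCM_TRUNCATED_HEADER, DCM_LENGTH_OVERRUN };
/* Little-endian integer of n bytes (the DICOM File Meta group is always little-endian). */
static uint32_t rd_le(const uint8_t *p, int n) { uint32_t v = 0; while (n--) v = (v << 8) | p[n]; return v; }
/* Explicit VR: OB/OW/OF/SQ/UT/UN carry 2 reserved bytes + a 4-byte length; all others a 2-byte length. */
static int has_long_length(const uint8_t *vr) {
    return !memcmp(vr, "OB", 2) || !memcmp(vr, "OW", 2) || !memcmp(vr, "OF", 2) ||
           !memcmp(vr, "SQ", 2) || !memcmp(vr, "UT", 2) || !memcmp(vr, "UN", 2);
}
/* Walks explicit-VR little-endian elements from 'off'. Each header read and each declared value
 * length is checked against 'len' BEFORE it is trusted; skipping that check is where a CWE-125
 * out-of-bounds read arises. Simplification: undefined lengths (0xFFFFFFFF) are rejected, not parsed. */
enum dcm_status dcm_check_elements(const uint8_t *buf, size_t len, size_t off, size_t *n_elems) {
    *n_elems = 0;
    while (off < len) {
        if (len - off < 8) return DCM_TRUNCATED_HEADER;        /* tag(4) + VR(2) + short length(2) */
        size_t hdr = 8;
        uint32_t vlen = rd_le(buf + off + 6, 2);
        if (has_long_length(buf + off + 4)) {
            if (len - off < 12) return DCM_TRUNCATED_HEADER;   /* needs reserved(2) + long length(4) */
            vlen = rd_le(buf + off + 8, 4);
            hdr = 12;
        }
        if (vlen > len - off - hdr) return DCM_LENGTH_OVERRUN;  /* file-supplied length vs. bytes remaining */
        off += hdr + vlen;
        (*n_elems)++;
    }
    return DCM_OK;
}
/* Part 10 layout: 128-byte preamble, "DICM" magic, then File Meta elements from offset 132. */
enum dcm_status dcm_check_file(const uint8_t *buf, size_t len, size_t *n_elems) {
    if (len < 132 || memcmp(buf + 128, "DICM", 4) != 0) return DCM_BAD_MAGIC;
    return dcm_check_elements(buf, len, 132, n_elems);
}
/* Constructed sample (not a real trigger for this CVE): preamble, "DICM", OB element (0002,0001)
 * with 2 value bytes, then UI element (0002,0002) declaring length 4, or 0x7FFF when 'overrun' is set. */
size_t build_sample(uint8_t out[160], int overrun) {
    static const uint8_t body[] = {
        0x02,0x00,0x01,0x00,'O','B',0x00,0x00, 0x02,0x00,0x00,0x00, 0x00,0x01,   /* OB, length 2 */
        0x02,0x00,0x02,0x00,'U','I',0x04,0x00, '1','.','2','.' };                /* UI, length 4 */
    memset(out, 0, 128); memcpy(out + 128, "DICM", 4);
    memcpy(out + 132, body, sizeof body);
    if (overrun) { out[132 + 14 + 6] = 0xFF; out[132 + 14 + 7] = 0x7F; }      /* rewrite UI length */
    return 132 + sizeof body;
}
```

With the overrun flag set, the declared UI length (0x7FFF) exceeds the 4 bytes actually present, and the walker reports DCM_LENGTH_OVERRUN instead of reading past the buffer.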
Potential Impact
For European organizations, particularly healthcare providers, hospitals, and medical imaging centers, this vulnerability presents a substantial risk. Exploitation could lead to unauthorized disclosure of sensitive patient imaging data, undermining patient privacy and violating GDPR regulations. Additionally, memory corruption could cause denial of service conditions, disrupting clinical workflows and delaying critical diagnoses. In worst-case scenarios, attackers might achieve remote code execution, enabling further network compromise or ransomware deployment within healthcare IT infrastructure. The impact extends beyond individual organizations to national healthcare systems, potentially affecting patient care continuity and trust. Given the reliance on MicroDicom in various European medical institutions, the vulnerability could be leveraged in targeted attacks against healthcare providers, especially those with less mature cybersecurity defenses or outdated software versions.
Mitigation Recommendations
1. Immediate mitigation involves restricting the use of MicroDicom DICOM Viewer to trusted sources and avoiding opening DICOM files from unverified or external origins.
2. Implement network-level controls such as email and web gateway filtering to detect and block malicious DICOM files before they reach end users.
3. Employ endpoint protection solutions capable of detecting anomalous behavior or memory corruption attempts within the DICOM viewer process.
4. Segregate medical imaging systems from general IT networks to limit lateral movement in case of compromise.
5. Monitor application logs and system behavior for crashes or unusual activity related to the DICOM viewer.
6. Coordinate with the MicroDicom vendor for timely patch deployment once available, and plan for rapid update cycles.
7. Conduct user awareness training focused on the risks of opening untrusted medical imaging files.
8. Consider alternative DICOM viewers with a strong security track record as a temporary measure if patching is delayed.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium, Poland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: icscert
- Date Reserved: 2025-04-28T16:40:48.814Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d9839c4522896dcbec6d1
Added to database: 5/21/2025, 9:09:13 AM
Last enriched: 6/25/2025, 9:11:56 PM
Last updated: 7/31/2025, 2:15:10 PM