CVE-2025-36521 is a high-severity vulnerability identified in the MicroDicom DICOM Viewer, a software application used for viewing medical imaging files in the DICOM format. The vulnerability is classified as CWE-125, indicating an out-of-bounds read flaw. This type of vulnerability occurs when the application reads data outside the boundaries of allocated memory buffers, potentially leading to memory corruption. In this case, exploitation requires a user to open a specially crafted malicious DICOM (.DCM) file. Once triggered, the out-of-bounds read can cause the application to access invalid memory regions, which may result in application crashes, data leakage, or could be leveraged by an attacker to execute arbitrary code or escalate privileges within the context of the vulnerable application. The CVSS v3.1 base score of 8.8 reflects the high impact on confidentiality, integrity, and availability, with network attack vector, low attack complexity, no privileges required, but user interaction needed (opening the malicious file). No patches have been published yet, and there are no known exploits in the wild at the time of reporting. The vulnerability affects all versions of MicroDicom DICOM Viewer as indicated by the affectedVersions field. Given the critical role of DICOM viewers in healthcare environments for diagnostic imaging, this vulnerability poses a significant risk to the confidentiality and integrity of sensitive medical data and the availability of diagnostic tools.

For European organizations, particularly healthcare providers, hospitals, and medical imaging centers, this vulnerability presents a substantial risk. Exploitation could lead to unauthorized disclosure of sensitive patient imaging data, undermining patient privacy and violating GDPR regulations. Additionally, memory corruption could cause denial of service conditions, disrupting clinical workflows and delaying critical diagnoses. In worst-case scenarios, attackers might achieve remote code execution, enabling further network compromise or ransomware deployment within healthcare IT infrastructure. The impact extends beyond individual organizations to national healthcare systems, potentially affecting patient care continuity and trust. Given the reliance on MicroDicom in various European medical institutions, the vulnerability could be leveraged in targeted attacks against healthcare providers, especially those with less mature cybersecurity defenses or outdated software versions.

1. Immediate mitigation involves restricting the use of MicroDicom DICOM Viewer to trusted sources and avoiding opening DICOM files from unverified or external origins. 2. Implement network-level controls such as email and web gateway filtering to detect and block malicious DICOM files before reaching end users. 3. Employ endpoint protection solutions capable of detecting anomalous behavior or memory corruption attempts within the DICOM viewer process. 4. Segregate medical imaging systems from general IT networks to limit lateral movement in case of compromise. 5. Monitor application logs and system behavior for crashes or unusual activity related to the DICOM viewer. 6. Coordinate with MicroDicom vendor for timely patch deployment once available, and plan for rapid update cycles. 7. Conduct user awareness training focused on the risks of opening untrusted medical imaging files. 8. Consider alternative DICOM viewers with a strong security track record as a temporary measure if patching is delayed.