
CVE-2025-9732: Memory Corruption in DCMTK

Severity: Medium
Tags: Vulnerability, CVE-2025-9732, cve, cve-2025-9732
Published: Sun Aug 31 2025 (08/31/2025, 14:02:06 UTC)
Source: CVE Database V5
Product: DCMTK

Description

A vulnerability was identified in DCMTK up to 3.6.9. It affects an unknown function in dcmimage/include/dcmtk/dcmimage/diybrpxt.h, part of the component dcm2img. Manipulation leads to memory corruption. The attack requires local access. The name of the patch is 7ad81d69b. Applying the patch is the recommended way to resolve this issue.

AI-Powered Analysis

Last updated: 09/08/2025, 00:37:12 UTC

Technical Analysis

CVE-2025-9732 is a medium-severity memory corruption vulnerability in the DCMTK (DICOM Toolkit) library, versions 3.6.0 through 3.6.9. It resides in an unspecified function in dcmimage/include/dcmtk/dcmimage/diybrpxt.h, part of the dcm2img component responsible for image processing. Memory corruption vulnerabilities typically occur when a program writes data outside the boundaries of allocated memory, potentially leading to crashes, data corruption, or arbitrary code execution. This vulnerability has a local attack vector and requires low privileges; it does not require user interaction or authentication. The CVSS 4.0 base score is 4.8 (medium), primarily because of the limited attack vector and the privileges required. No known exploits are currently reported in the wild. The vulnerability can be mitigated by applying the patch identified by commit 7ad81d69b.

DCMTK is widely used in medical imaging environments to handle DICOM files, the standard format for storing and transmitting medical images. The vulnerability could be triggered by manipulated image data processed by the vulnerable function, leading to memory corruption and potential instability or compromise of systems handling medical images.

Potential Impact

For European organizations, especially healthcare providers and medical imaging centers, this vulnerability poses a risk to the confidentiality, integrity, and availability of medical imaging data. Exploitation could lead to application crashes or potentially allow an attacker with local access to execute arbitrary code, compromising patient data or disrupting medical services. Given the critical nature of healthcare operations and strict data protection regulations such as GDPR, any compromise or downtime could have severe operational and legal consequences. Although remote exploitation is not possible, insider threats or attackers who gain local access (e.g., via compromised credentials or physical access) could leverage this vulnerability. The impact extends to any European entity using DCMTK for medical image processing, including hospitals, diagnostic labs, and medical device manufacturers integrating DCMTK in their products.

Mitigation Recommendations

European organizations should immediately identify all systems running DCMTK versions 3.6.0 through 3.6.9 and apply the official patch corresponding to commit 7ad81d69b to remediate the vulnerability. Since local access is required, organizations should strengthen internal access controls, including strict user authentication, role-based access, and monitoring of local user activities on systems processing medical images. Implementing endpoint security solutions that detect anomalous behavior or memory corruption attempts can provide additional defense. Regularly auditing and updating medical imaging software and libraries is essential to prevent exploitation of known vulnerabilities. Additionally, organizations should enforce physical security controls to prevent unauthorized local access to critical systems. Incident response plans should be updated to include detection and mitigation steps for memory corruption exploits in medical imaging environments.
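For the inventory step above, this added example (not part of the advisory or of DCMTK) triages collected version strings against the 3.6.0 through 3.6.9 range the page lists. The host names, banner text and dates are constructed, and the assumption is that each string contains a `MAJOR.MINOR.PATCH` token.

```shell
#!/bin/sh
# Added example: classify DCMTK version strings against the range this page
# lists as affected (3.6.0 through 3.6.9). Fix named on the page: 7ad81d69b.

# Print in-range, older, newer or unknown for one version string.
classify_dcmtk_version() {
    # First MAJOR.MINOR.PATCH token; dash-separated dates do not match.
    ver=$(printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1)
    [ -n "$ver" ] || { echo unknown; return 0; }
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    # Numeric comparison per field, so 3.6.10 is not mistaken for 3.6.1.
    if [ "$major" -lt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -lt 6 ]; }; then
        echo older      # below the listed range: review by hand
    elif [ "$major" -eq 3 ] && [ "$minor" -eq 6 ] && [ "$patch" -le 9 ]; then
        echo in-range   # confirm whether the fix commit is in this build
    else
        echo newer
    fi
}

# Read "host banner..." lines on stdin and print "host status".
audit_inventory() {
    while read -r host banner; do
        [ -n "$host" ] || continue
        printf '%s %s\n' "$host" "$(classify_dcmtk_version "$banner")"
    done
}

# Constructed inventory: hosts, banners, dates and the 3.7.0 value are made up.
sample_inventory() {
cat <<'EOF'
pacs-gw01 $dcmtk: dcm2img v3.6.9 2024-12-10 $
viewer-07 $dcmtk: dcmdump v3.6.4 2018-11-29 $
archive-02 $dcmtk: dcmdump v3.5.4 2005-12-20 $
build-01 $dcmtk: dcm2img v3.7.0 2025-10-01 $
lab-03 sh: dcm2img: command not found
EOF
}

sample_inventory | audit_inventory
```

An `in-range` result only places the build in the listed version range. Whether commit 7ad81d69b is present has to be confirmed against the package changelog or source tree, since a patched build can still report an in-range version.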


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-08-30T14:03:15.522Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68b45987ad5a09ad00bbef96

Added to database: 8/31/2025, 2:17:43 PM

Last enriched: 9/8/2025, 12:37:12 AM

Last updated: 10/16/2025, 6:21:50 AM
