CVE-2025-9732: Memory Corruption in DCMTK
A vulnerability was identified in DCMTK up to 3.6.9. It affects an unknown function in the file dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Manipulation leads to memory corruption. The attack requires local access. The name of the patch is 7ad81d69b. It is best practice to apply a patch to resolve this issue.
AI Analysis
Technical Summary
CVE-2025-9732 is a medium-severity memory corruption vulnerability identified in the DCMTK (DICOM Toolkit) library versions up to 3.6.9. The vulnerability resides in an unspecified function within the header file diybrpxt.h, part of the dcm2img component responsible for image processing in the DICOM standard. Exploitation of this vulnerability requires local access and low privileges, meaning an attacker must have some level of access to the affected system but does not require elevated privileges or user interaction. The vulnerability can lead to memory corruption, which may cause application crashes, data corruption, or potentially enable further exploitation such as arbitrary code execution depending on the context and memory layout. The CVSS 4.0 base score is 4.8, reflecting a medium severity with local attack vector, low complexity, no user interaction, and limited impact on confidentiality, integrity, and availability. No known exploits are currently reported in the wild. A patch identified by commit 7ad81d69b has been released to address this issue, and applying this patch is recommended to mitigate the risk. DCMTK is widely used in medical imaging environments to handle DICOM files, which are standard in healthcare for storing and transmitting medical images. The vulnerability’s impact is therefore primarily relevant to healthcare organizations and any entities processing DICOM images using affected DCMTK versions.
Potential Impact
For European organizations, particularly those in the healthcare sector, this vulnerability poses a risk to the integrity and availability of medical imaging systems. Exploitation could disrupt diagnostic workflows by causing application crashes or corrupting image data, potentially delaying patient care or leading to misdiagnosis. Although the vulnerability requires local access, insider threats or compromised internal systems could leverage this flaw to escalate privileges or execute arbitrary code, further compromising sensitive patient data and system integrity. Given the critical role of medical imaging in healthcare delivery and the strict regulatory environment in Europe (e.g., GDPR, NIS Directive), any compromise or disruption could have significant operational, legal, and reputational consequences. Additionally, healthcare providers often operate interconnected systems, so a compromised imaging system could serve as a pivot point for broader network intrusion.
Mitigation Recommendations
European healthcare organizations should prioritize upgrading affected DCMTK installations to 3.6.10 or later, where the vulnerability is fixed. Since exploitation requires local access, organizations should enforce strict access controls and network segmentation to limit exposure of systems running DCMTK. Implementing robust endpoint security solutions and continuous monitoring can help detect suspicious activities indicative of exploitation attempts. Regular audits of user privileges and system access logs are recommended to identify and mitigate insider threats. Additionally, organizations should ensure that all medical imaging software and related dependencies are kept up to date and that secure coding and deployment practices are followed. Backup and recovery procedures should be tested to minimize impact in case of data corruption or system compromise. Finally, raising awareness among IT and security staff about this specific vulnerability will help in early detection and response.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium, Poland, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-08-30T14:03:15.522Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 68b45987ad5a09ad00bbef96
Added to database: 8/31/2025, 2:17:43 PM
Last enriched: 8/31/2025, 2:32:44 PM
Last updated: 9/1/2025, 6:24:10 AM