CVE-2025-25475

7.5 HIGH

📋 TL;DR

A NULL pointer dereference in DCMTK's RLE codec decoder (dcmdata/libsrc/dcrleccd.cc) lets an attacker crash any application that processes an attacker-supplied DICOM file with a vulnerable DCMTK build, a denial of service with no code execution reported. Affected deployments are those running v3.6.9+ DEV snapshots before the fix that decode DICOM files from untrusted sources, typically healthcare and medical imaging systems.

💻 Affected Systems

Products:
  • DCMTK (DICOM Toolkit)
Versions: v3.6.9+ DEV snapshots before the fix commit; distribution packages built from older releases may carry the same code, so check your distribution's advisory as well
Operating Systems: All platforms running DCMTK
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerable code is the RLE decoder in dcmdata/libsrc/dcrleccd.cc, so any application that links a vulnerable libdcmdata and decompresses untrusted RLE-encoded files is in scope. Systems that never hand untrusted DICOM files to DCMTK are not affected.

📦 What is this software?

DCMTK (DICOM Toolkit) is OFFIS's open-source C++ implementation of the DICOM standard: a set of libraries (dcmdata for data sets and codecs, dcmnet for the network protocol, dcmimgle/dcmimage for image handling, among others) and command-line tools such as dcmdump, dcmconv, storescp and storescu. It is embedded in many PACS, modality, viewer and research products, which is why a crash in one of its decoders surfaces in third-party medical imaging software.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption of DICOM processing applications, potentially affecting medical imaging workflows and patient care systems.

🟠

Likely Case

Application crash or hang when processing malicious DICOM files, requiring manual restart of affected services.

🟢

If Mitigated

Isolated service interruption with minimal impact due to proper segmentation and redundancy controls.

🌐 Internet-Facing: MEDIUM - Exploitation requires sending crafted DICOM files to vulnerable endpoints, which may be exposed in some medical imaging deployments.
🏢 Internal Only: MEDIUM - Internal medical imaging systems processing untrusted DICOM files remain vulnerable to insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting a malicious DICOM file and getting a vulnerable application to process it, for example by sending it to a DICOM receiver or dropping it where an import job picks it up. No authentication is needed beyond whatever the ingesting endpoint already requires of its senders.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: any build that includes commit bffa3e9116abb7038b432443f16b1bd390e80245 (DCMTK git), or a distribution package that backports it

Advisory (Debian LTS): https://lists.debian.org/debian-lts-announce/2025/06/msg00025.html

Restart Required: Yes. Running processes keep the old libdcmdata mapped until they are restarted, and applications that link DCMTK statically must be rebuilt.

Instructions:

  1. Update DCMTK to a build that includes the fix commit, or to your distribution's patched package.
  2. Rebuild and redeploy applications that link DCMTK statically; restart those that load it dynamically.
  3. Test DICOM processing after the update, including RLE-compressed files, since that is the decoder the fix touches.

🔧 Temporary Workarounds

Input Validation (all platforms)

Validate DICOM files before processing: at minimum check the Part 10 structure, and route RLE-compressed files from untrusted sources to a quarantine until the patched build is deployed.

Process Isolation (all platforms)

Run DICOM decoding in isolated containers, sandboxes or short-lived worker processes so that a crash takes down one job rather than the whole service.
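The following is an added example, not code from DCMTK, the advisory or this page: a Python pre-filter that implements the input-validation workaround by parsing the DICOM Part 10 meta header itself. It rejects files whose preamble, magic or element lengths are inconsistent with the file size, quarantines files whose Transfer Syntax UID is RLE Lossless (1.2.840.10008.1.2.5), and accepts the rest. The assumption, taken from the component name dcrleccd.cc (DCMTK's RLE codec decoder), is that RLE Lossless is the transfer syntax that routes pixel data through the vulnerable code; function names and the sample files are constructed for the example.

```python
import struct

# Standard DICOM transfer syntax UIDs.
RLE_LOSSLESS = "1.2.840.10008.1.2.5"      # decoded by DCMTK's RLE codec
EXPLICIT_VR_LE = "1.2.840.10008.1.2.1"

# VRs whose explicit-VR header carries a 2-byte reserved field and a 4-byte length.
LONG_VRS = {"OB", "OW", "OF", "SQ", "UT", "UN"}
UNDEFINED_LENGTH = 0xFFFFFFFF


def parse_meta_header(data: bytes) -> dict:
    """Parse the Part 10 file meta information (group 0002, always explicit VR
    little endian) and return {(group, element): raw value bytes}.

    Raises ValueError on any structural problem so the caller can refuse the
    file before a decoder ever sees it.
    """
    if len(data) < 132:
        raise ValueError("shorter than 128-byte preamble plus magic")
    if data[128:132] != b"DICM":
        raise ValueError("missing DICM magic")
    pos, elements = 132, {}
    while pos + 8 <= len(data):
        group, elem = struct.unpack_from("<HH", data, pos)
        if group != 0x0002:            # end of the meta information group
            break
        vr = data[pos + 4:pos + 6].decode("ascii", errors="replace")
        if vr in LONG_VRS:
            if pos + 12 > len(data):
                raise ValueError("truncated element header")
            (length,) = struct.unpack_from("<I", data, pos + 8)
            value_start = pos + 12
        else:
            (length,) = struct.unpack_from("<H", data, pos + 6)
            value_start = pos + 8
        if length == UNDEFINED_LENGTH or value_start + length > len(data):
            raise ValueError("element length exceeds file size")
        elements[(group, elem)] = data[value_start:value_start + length]
        pos = value_start + length
    if (0x0002, 0x0010) not in elements:
        raise ValueError("no Transfer Syntax UID (0002,0010)")
    return elements


def transfer_syntax(data: bytes) -> str:
    """Transfer Syntax UID with trailing NUL/space padding removed."""
    return parse_meta_header(data)[(0x0002, 0x0010)].rstrip(b"\x00 ").decode("ascii")


def gate(data: bytes) -> str:
    """Decision for an untrusted file: 'reject', 'quarantine' or 'accept'."""
    try:
        ts = transfer_syntax(data)
    except (ValueError, UnicodeDecodeError):
        return "reject"
    # Assumption (see lead-in): RLE Lossless is the transfer syntax that sends
    # pixel data through dcmdata/libsrc/dcrleccd.cc, so hold it back until patched.
    if ts == RLE_LOSSLESS:
        return "quarantine"
    return "accept"


def _element(group: int, elem: int, vr: str, value: bytes) -> bytes:
    """Encode one explicit-VR-LE element; values are padded to even length."""
    if len(value) % 2:
        value += b"\x00" if vr == "UI" else b" "
    header = struct.pack("<HH", group, elem) + vr.encode("ascii")
    if vr in LONG_VRS:
        return header + b"\x00\x00" + struct.pack("<I", len(value)) + value
    return header + struct.pack("<H", len(value)) + value


def build_sample(ts_uid: str) -> bytes:
    """Constructed minimal Part 10 file carrying only a meta header (no dataset)."""
    body = (_element(0x0002, 0x0001, "OB", b"\x00\x01")                     # meta version
            + _element(0x0002, 0x0002, "UI", b"1.2.840.10008.5.1.4.1.1.7")  # SC Image SOP class
            + _element(0x0002, 0x0003, "UI", b"1.2.3.4")                    # made-up instance UID
            + _element(0x0002, 0x0010, "UI", ts_uid.encode("ascii")))
    group_length = _element(0x0002, 0x0000, "UL", struct.pack("<I", len(body)))
    return b"\x00" * 128 + b"DICM" + group_length + body


if __name__ == "__main__":
    for label, blob in [("rle", build_sample(RLE_LOSSLESS)),
                        ("explicit-vr-le", build_sample(EXPLICIT_VR_LE)),
                        ("truncated", build_sample(EXPLICIT_VR_LE)[:150]),
                        ("garbage", b"\x00" * 200)]:
        print(label, gate(blob))
```

The filter only understands Part 10 files; raw data sets without a meta header are rejected, which is the safe default for an untrusted intake but must be relaxed if your pipeline legitimately accepts them. It is a stopgap that keeps RLE-encoded input away from the vulnerable decoder, not a substitute for the patched library.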

🧯 If You Can't Patch

  • Implement network segmentation to restrict DICOM file sources to trusted systems only
  • Deploy application monitoring with automatic restart capabilities for crash detection

🔍 How to Verify

Check if Vulnerable:

Identify the DCMTK build each application links: the vulnerable code is the RLE codec decoder in dcmdata/libsrc/dcrleccd.cc, so any libdcmdata built from a v3.6.9+ DEV snapshot without the fix commit is in scope. A version string alone does not distinguish pre- and post-fix development snapshots; in a git checkout, confirm that bffa3e9116abb7038b432443f16b1bd390e80245 is an ancestor of the built revision (git merge-base --is-ancestor), and for distribution packages check the package changelog or the distribution advisory.

Check Version:

dcmdump --version 2>&1 | head -n 1

The first line carries the DCMTK version and build date; the remaining lines list third-party library versions (zlib and others), which is why grepping the whole output for "version" is misleading.

Verify Fix Applied:

Confirm the rebuilt tools and libraries report a version or git revision that includes the fix commit, and that every process has been restarted so it no longer maps the old library. Then exercise the RLE decode path with known-good RLE-compressed DICOM files, not only uncompressed ones, to confirm functionality.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes or segmentation faults in DICOM processing logs
  • Unexpected termination of DCMTK-related processes

Network Indicators:

  • Unusual DICOM file transfers from untrusted sources
  • Multiple failed DICOM processing attempts

SIEM Query:

source="application_logs" AND (process="dc*" OR process="*dcm*") AND (event="segmentation fault" OR event="crash" OR event="SIGSEGV")
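The SIEM query above is vendor-neutral pseudo-syntax. As an added example that is not from this page or from DCMTK, the same detection implemented in Python over constructed log lines: it parses the Linux kernel's segfault message and systemd's "Main process exited" message, keeps only DCMTK-related crashes (process name dcm*, or faulting object libdcm*, the same heuristic the query uses), flags fault addresses in the first page as consistent with a NULL pointer dereference, and counts repeat crashes per process. The log lines, host names, PIDs and addresses are made up for the example.

```python
import re
from collections import Counter

# Constructed sample log lines (not from a real incident). The layouts follow
# the Linux kernel's x86 segfault message and systemd's exit message.
SAMPLE_LOGS = """\
Jun 12 10:01:44 pacs01 kernel: dcmconv[4132]: segfault at 0 ip 00007f3a1c2d4e10 sp 00007ffd2c1e5a30 error 4 in libdcmdata.so.3.6.9[7f3a1c200000+1a0000]
Jun 12 10:01:44 pacs01 systemd[1]: dicom-ingest.service: Main process exited, code=killed, status=11/SEGV
Jun 12 10:01:45 pacs01 systemd[1]: dicom-ingest.service: Failed with result 'signal'.
Jun 12 10:02:10 pacs01 kernel: dcmconv[4177]: segfault at 0 ip 00007f9b0a3d4e10 sp 00007ffe8b2f1a30 error 4 in libdcmdata.so.3.6.9[7f9b0a300000+1a0000]
Jun 12 10:03:01 pacs01 kernel: firefox[2210]: segfault at 7f12deadbeef ip 00007f12dead0000 sp 00007ffc11110000 error 4 in libxul.so[7f12dea00000+6000000]
Jun 12 10:04:30 pacs01 systemd[1]: backup.service: Main process exited, code=killed, status=15/TERM
Jun 12 10:05:00 pacs01 cron[991]: (root) CMD (run-parts /etc/cron.hourly)
"""

SYSLOG_PREFIX = r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) "
KERNEL_SEGFAULT = re.compile(
    SYSLOG_PREFIX + r"kernel: (?P<proc>[^\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip [0-9a-f]+ sp [0-9a-f]+ error \d+(?: in (?P<obj>[^\[ ]+))?")
SYSTEMD_KILLED = re.compile(
    SYSLOG_PREFIX + r"systemd\[\d+\]: (?P<unit>\S+): Main process exited, "
    r"code=killed, status=(?P<signum>\d+)/(?P<signame>\w+)")


def is_dcmtk_related(proc, obj):
    """Same heuristic as the SIEM query: DCMTK tools are named dcm*, and a crash
    inside the library shows libdcm* as the faulting object."""
    return proc.startswith("dcm") or (obj is not None and obj.startswith("libdcm"))


def analyze(log_text):
    """Return DCMTK-related crash alerts and a per-process crash count."""
    alerts, counts = [], Counter()
    for line in log_text.splitlines():
        m = KERNEL_SEGFAULT.match(line)
        if m:
            if not is_dcmtk_related(m["proc"], m["obj"]):
                continue
            counts[m["proc"]] += 1
            alerts.append({
                "kind": "segfault", "host": m["host"], "proc": m["proc"],
                "pid": int(m["pid"]), "object": m["obj"],
                # A fault address in the first page is what a NULL pointer
                # dereference (NULL plus a small field offset) looks like here.
                "null_deref": int(m["addr"], 16) < 0x1000,
            })
            continue
        m = SYSTEMD_KILLED.match(line)
        # Unit names are site-specific; "dicom"/"dcm" in the name is an assumption.
        if m and m["signame"] == "SEGV" and re.search(r"dicom|dcm", m["unit"], re.I):
            alerts.append({"kind": "unit_killed", "host": m["host"],
                           "unit": m["unit"], "signal": int(m["signum"])})
    return {"alerts": alerts, "crash_counts": dict(counts)}


def repeat_offenders(result, threshold=2):
    """Processes that crashed at least `threshold` times: the 'multiple failed
    processing attempts' pattern listed under network indicators."""
    return sorted(p for p, n in result["crash_counts"].items() if n >= threshold)


if __name__ == "__main__":
    result = analyze(SAMPLE_LOGS)
    for alert in result["alerts"]:
        print(alert)
    print("repeat offenders:", repeat_offenders(result))
```

On the sample input the firefox crash and the TERM-killed backup unit are ignored, the two dcmconv segfaults at address 0 are flagged as NULL-dereference-consistent, and dcmconv is reported as a repeat offender; the same regexes apply unchanged to journald output exported in syslog format.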

🔗 References

  • Debian LTS advisory: https://lists.debian.org/debian-lts-announce/2025/06/msg00025.html
  • Fix commit bffa3e9116abb7038b432443f16b1bd390e80245 in the DCMTK git repository: https://github.com/DCMTK/dcmtk/commit/bffa3e9116abb7038b432443f16b1bd390e80245