CVE-2025-35975
📋 TL;DR
MicroDicom DICOM Viewer contains an out-of-bounds write vulnerability (CWE-787) that allows arbitrary code execution when a user opens a malicious DCM file. This affects all users of vulnerable MicroDicom versions who process untrusted DICOM files. Attackers can gain full control of the affected system through crafted medical imaging files.
💻 Affected Systems
- MicroDicom DICOM Viewer
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining administrative privileges, data exfiltration, ransomware deployment, and lateral movement within the network.
Likely Case
Local privilege escalation leading to data theft, system manipulation, and persistence establishment on individual workstations.
If Mitigated
Limited to application crash or denial of service if exploit fails or controls prevent full code execution.
🎯 Exploit Status
Exploitation requires user interaction (opening malicious file). No public exploit code available at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific version
Vendor Advisory: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-121-01
Restart Required: Yes
Instructions:
1. Visit MicroDicom official website
2. Download latest version
3. Uninstall current version
4. Install updated version
5. Restart system
🔧 Temporary Workarounds
Restrict DCM file handling (Windows)
Configure system to open DCM files with alternative software or disable automatic opening
Application control policies (Windows)
Implement application whitelisting to prevent unauthorized execution
🧯 If You Can't Patch
- Implement strict file validation for all incoming DICOM files
- Use network segmentation to isolate DICOM viewer systems from critical assets
🔍 How to Verify
Check if Vulnerable:
Check MicroDicom version against vendor advisory. Vulnerable if using version prior to patched release.
Check Version:
Open MicroDicom → Help → About to view version
Verify Fix Applied:
Verify installed version matches or exceeds patched version specified in vendor advisory.
📡 Detection & Monitoring
Log Indicators:
- Application crashes with memory access violations
- Unusual process creation from MicroDicom executable
- Failed file parsing attempts
Network Indicators:
- Unusual outbound connections from DICOM viewer systems
- File transfers to/from medical imaging systems
SIEM Query:
Process Creation where Image contains 'MicroDicom' and CommandLine contains '.dcm'
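The following is an added example, not part of the original advisory or any vendor tooling. It combines the SIEM query above with the "unusual process creation" log indicator: it records which DCM file each viewer instance opened, then flags any process the viewer spawns and ties it back to that file. It assumes events use Sysmon Event ID 1 field names and arrive in time order; the sample events, paths, PIDs and the binary name `viewer.exe` are constructed placeholders.

```python
import re

# Constructed process-creation events (Sysmon Event ID 1 field names).
# Paths, PIDs and file names are invented; "viewer.exe" is a placeholder binary name.
VIEWER = r"C:\Program Files\MicroDicom\viewer.exe"
EXPLORER = r"C:\Windows\explorer.exe"
SAMPLE_EVENTS = [
    {"ProcessId": 4120, "Image": VIEWER,
     "CommandLine": '"' + VIEWER + r'" "C:\Users\tech1\Downloads\scan_0412.dcm"',
     "ParentProcessId": 980, "ParentImage": EXPLORER},
    {"ProcessId": 5332, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"C:\Windows\System32\cmd.exe",
     "ParentProcessId": 4120, "ParentImage": VIEWER},
    {"ProcessId": 5400, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe notes.txt",
     "ParentProcessId": 980, "ParentImage": EXPLORER},
    {"ProcessId": 6001, "Image": VIEWER,
     "CommandLine": '"' + VIEWER + r'" D:\studies\routine.dcm',
     "ParentProcessId": 980, "ParentImage": EXPLORER},
]

# First quoted or unquoted command-line argument ending in .dcm.
DCM_ARG = re.compile(r'"([^"]+\.dcm)"|(\S+\.dcm)', re.IGNORECASE)


def dcm_path(command_line):
    """Return the DCM file named on a viewer command line, or None."""
    m = DCM_ARG.search(command_line)
    return (m.group(1) or m.group(2)) if m else None


def triage(events):
    """Return (opened, alerts): viewer PID -> DCM file, and viewer child processes."""
    opened, alerts = {}, []
    for ev in events:
        image, parent = ev["Image"].lower(), ev["ParentImage"].lower()
        # The page's SIEM query: viewer process created with a .dcm argument.
        if "microdicom" in image and ".dcm" in ev["CommandLine"].lower():
            opened[ev["ProcessId"]] = dcm_path(ev["CommandLine"])
        # The page's log indicator: a process created by the viewer itself.
        elif "microdicom" in parent:
            alerts.append({"child_image": ev["Image"],
                           "child_cmd": ev["CommandLine"],
                           # File the parent viewer opened; preserve it for analysis.
                           "dcm_file": opened.get(ev["ParentProcessId"])})
    return opened, alerts
```

PIDs are reused over time, so in production the correlation key should be a per-process unique identifier such as Sysmon's ProcessGuid rather than the PID alone.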