CVE-2025-48429
📋 TL;DR
An out-of-bounds read vulnerability in Grassroot DICOM's RLECodec::DecodeByStreams function allows attackers to leak heap memory data by providing a specially crafted DICOM file. This affects systems running Grassroot DICOM 3.024 that process untrusted DICOM files, potentially exposing sensitive information.
💻 Affected Systems
- Grassroot DICOM
⚠️ Risk & Real-World Impact
Worst Case
Sensitive application data, credentials, or system information could be exfiltrated from memory, potentially enabling further attacks or data breaches.
Likely Case
Information disclosure of heap memory contents, which may include partial application data, configuration details, or other sensitive information from the process memory space.
If Mitigated
Limited information leakage with no direct code execution, though leaked data could aid in developing further attacks.
🎯 Exploit Status
Exploitation requires crafting a malicious DICOM file and getting it processed by the vulnerable system. No authentication is needed if file upload/processing is accessible.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available
Restart Required: No
Instructions:
1. Monitor Grassroot DICOM vendor for security updates
2. Apply patches when available
3. Test in non-production environment first
🔧 Temporary Workarounds
Restrict DICOM file processing
Limit processing of untrusted DICOM files to reduce attack surface
Implement file validation
Add validation checks for DICOM files before processing
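As a worked example of the "validate before processing" workaround, the following Python pre-screen is added here and is not code from Grassroot DICOM or from this advisory. It checks the DICOM Part 10 preamble and "DICM" magic, walks the file-meta group (0002,xxxx) in explicit VR little endian to read the Transfer Syntax UID, and, since the defect is in the RLE codec, refuses files declaring RLE Lossless (UID 1.2.840.10008.1.2.5, a standard DICOM value) from untrusted sources until a patch is available. The size limit, the reject-RLE policy and the `build_sample` helper are assumptions made for this example.

```python
"""Pre-screen untrusted DICOM Part 10 files before they reach a decoder (example code)."""
import struct

DICM_MAGIC_OFFSET = 128                      # 128-byte preamble precedes "DICM" (DICOM PS3.10)
RLE_LOSSLESS_UID = "1.2.840.10008.1.2.5"     # standard Transfer Syntax UID for RLE Lossless
MAX_FILE_BYTES = 512 * 1024 * 1024           # assumed site policy, not from the advisory
LONG_LENGTH_VRS = {b"OB", b"OW", b"OF", b"SQ", b"UT", b"UN"}  # VRs with 4-byte length field


def read_meta_elements(data: bytes) -> dict:
    """Parse the file-meta group (group 0002), explicit VR little endian; return {(group, elem): value}."""
    if len(data) < DICM_MAGIC_OFFSET + 4 or data[DICM_MAGIC_OFFSET:DICM_MAGIC_OFFSET + 4] != b"DICM":
        raise ValueError("not a DICOM Part 10 file (missing DICM magic)")
    pos = DICM_MAGIC_OFFSET + 4
    elements = {}
    while pos + 8 <= len(data):
        group, elem = struct.unpack_from("<HH", data, pos)
        if group != 0x0002:          # file-meta group ends; the dataset proper starts here
            break
        vr = data[pos + 4:pos + 6]
        if vr in LONG_LENGTH_VRS:    # 2 reserved bytes, then 4-byte length
            (length,) = struct.unpack_from("<I", data, pos + 8)
            value_start = pos + 12
        else:                        # 2-byte length directly after the VR
            (length,) = struct.unpack_from("<H", data, pos + 6)
            value_start = pos + 8
        # Every length is bounds-checked against the buffer before it is used as a slice.
        if length == 0xFFFFFFFF or value_start + length > len(data):
            raise ValueError("malformed file-meta element length")
        elements[(group, elem)] = data[value_start:value_start + length]
        pos = value_start + length
    return elements


def transfer_syntax(data: bytes) -> str:
    """Return the Transfer Syntax UID (0002,0010) as a string, stripped of UI padding."""
    uid = read_meta_elements(data).get((0x0002, 0x0010))
    if uid is None:
        raise ValueError("missing Transfer Syntax UID (0002,0010)")
    return uid.rstrip(b"\x00 ").decode("ascii")


def screen_untrusted_dicom(data: bytes) -> tuple:
    """Return (accepted, reason). Assumed policy: reject oversized, non-Part-10 and RLE-encoded files."""
    if len(data) > MAX_FILE_BYTES:
        return False, "file exceeds size limit"
    try:
        ts = transfer_syntax(data)
    except ValueError as exc:
        return False, f"rejected: {exc}"
    if ts == RLE_LOSSLESS_UID:
        return False, "RLE Lossless transfer syntax not accepted from untrusted sources"
    return True, f"accepted (transfer syntax {ts})"


def build_sample(ts_uid: str) -> bytes:
    """Constructed sample: minimal Part 10 header carrying only (0002,0010) and a dataset tag."""
    uid = ts_uid.encode("ascii")
    if len(uid) % 2:
        uid += b"\x00"               # UI values are padded to even length with NUL
    element = struct.pack("<HH", 0x0002, 0x0010) + b"UI" + struct.pack("<H", len(uid)) + uid
    return b"\x00" * 128 + b"DICM" + element + struct.pack("<HH", 0x7FE0, 0x0010)


if __name__ == "__main__":
    for label, uid in (("explicit VR LE", "1.2.840.10008.1.2.1"), ("RLE lossless", RLE_LOSSLESS_UID)):
        print(label, screen_untrusted_dicom(build_sample(uid)))
    print("garbage", screen_untrusted_dicom(b"not a dicom file"))
```

The screen only reads the file-meta header, so it is cheap enough to run at the upload boundary; it does not replace patching, since it only turns away the one code path the advisory names and leaves other decoders unchanged.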
🧯 If You Can't Patch
- Implement strict input validation for DICOM files
- Isolate DICOM processing systems from sensitive networks
🔍 How to Verify
Check if Vulnerable:
Check if Grassroot DICOM version is 3.024 and processes DICOM files
Check Version:
Check application version through Grassroot DICOM interface or configuration files
Verify Fix Applied:
Verify updated to patched version when available
📡 Detection & Monitoring
Log Indicators:
- Unusual DICOM file processing errors
- Memory access violation logs
- Large or malformed DICOM file processing
Network Indicators:
- Unexpected DICOM file transfers to vulnerable systems
- Network traffic patterns indicating information exfiltration
SIEM Query:
source="grassroot_dicom" AND (event_type="error" OR event_type="exception") AND (message="*memory*" OR message="*out of bounds*")
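To show what the SIEM rule above actually selects, and why the two message wildcards must be grouped in parentheses, the following Python is added here as an illustration; it is not part of this advisory and not tied to any particular SIEM product. It evaluates the parenthesised rule over a few constructed key=value log lines and, for comparison, the rule without parentheses, in which the trailing `OR` applies to the whole expression and matches events from any source. Case-insensitive wildcard matching is assumed.

```python
"""Evaluate the advisory's SIEM rule over constructed log lines (example code)."""
import fnmatch
import shlex

# Constructed sample log lines; none are real Grassroot DICOM output.
SAMPLE_LOG = """
source=grassroot_dicom event_type=error message="RLECodec: out of bounds read while decoding fragment"
source=grassroot_dicom event_type=info message="decoded 16 frames"
source=grassroot_dicom event_type=exception message="Memory access violation in RLE decode"
source=nginx event_type=error message="worker memory limit reached"
source=pacs_gateway event_type=info message="out of bounds request rejected"
"""


def parse_kv_line(line: str) -> dict:
    """Turn 'k=v k="quoted v"' into a dict; shlex handles the quoted values."""
    fields = {}
    for token in shlex.split(line):
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    return fields


def _msg_matches(event: dict) -> bool:
    msg = str(event.get("message", "")).lower()   # assumed: SIEM globs are case-insensitive
    return fnmatch.fnmatchcase(msg, "*memory*") or fnmatch.fnmatchcase(msg, "*out of bounds*")


def matches_siem_rule(event: dict) -> bool:
    """source="grassroot_dicom" AND (error OR exception) AND (*memory* OR *out of bounds*)."""
    if event.get("source") != "grassroot_dicom":
        return False
    if event.get("event_type") not in ("error", "exception"):
        return False
    return _msg_matches(event)


def matches_unparenthesized_rule(event: dict) -> bool:
    """The same rule with the last OR left ungrouped: (A AND B AND *memory*) OR *out of bounds*.
    Shown only to make the precedence trap visible; any source with 'out of bounds' matches."""
    msg = str(event.get("message", "")).lower()
    strict = (
        event.get("source") == "grassroot_dicom"
        and event.get("event_type") in ("error", "exception")
        and fnmatch.fnmatchcase(msg, "*memory*")
    )
    return strict or fnmatch.fnmatchcase(msg, "*out of bounds*")


def find_hits(lines, rule=matches_siem_rule) -> list:
    """Return the parsed events that satisfy the given rule."""
    events = [parse_kv_line(l) for l in lines if l.strip()]
    return [e for e in events if rule(e)]


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for e in find_hits(lines):
        print("HIT:", e["source"], e["event_type"], e["message"])
    print("ungrouped rule hits:", len(find_hits(lines, matches_unparenthesized_rule)))
```

On the sample above the grouped rule returns the two Grassroot DICOM error/exception events, while the ungrouped variant also pulls in the unrelated gateway line, which is the kind of noise that makes a detection rule get muted rather than acted on.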