CVE-2025-52582

7.4 HIGH

📋 TL;DR

An out-of-bounds read in the Overlay::GrabOverlayFromPixelData function of Grassroot DICOM (GDCM) allows an attacker who supplies a specially crafted DICOM file to read memory beyond the intended buffer and disclose its contents. This affects systems running Grassroot DICOM 3.024 that process untrusted DICOM files. The vulnerability enables information disclosure, not code execution.

💻 Affected Systems

Products:
  • Grassroot DICOM
Versions: 3.024
Operating Systems: All platforms running Grassroot DICOM
Default Config Vulnerable: ⚠️ Yes
Notes: Any system processing DICOM files with the vulnerable version is affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Sensitive memory contents including credentials, keys, or other application data could be exfiltrated, potentially enabling further attacks.

🟠 Likely Case

Limited information disclosure from application memory, possibly revealing file contents or application state.

🟢 If Mitigated

No impact if proper input validation and memory protections are in place.

🌐 Internet-Facing: MEDIUM - Requires file upload/processing capability, but many DICOM systems are not directly internet-facing.
🏢 Internal Only: MEDIUM - Internal users could exploit if they can submit DICOM files to vulnerable systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a malicious DICOM file but no authentication is needed to trigger the vulnerability if file processing is accessible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2211

Restart Required: No

Instructions:

1. Monitor the Grassroot DICOM vendor for security updates.
2. Apply patches when available.
3. Test in a non-production environment first.

🔧 Temporary Workarounds

Input Validation (platforms: all)

Implement strict validation of DICOM files before processing.

Access Control (platforms: all)

Restrict who can submit DICOM files to vulnerable systems.

🧯 If You Can't Patch

  • Isolate vulnerable systems from untrusted networks
  • Apply application allowlisting so that only approved, monitored software parses DICOM files (DICOM files are data, not executables, so allowlisting limits which parsers are exposed to untrusted input rather than blocking the files themselves)

🔍 How to Verify

Check if Vulnerable:

Check the installed Grassroot DICOM version; if it is 3.024, the system is vulnerable.

Check Version:

Consult the application documentation for the version query method (it varies by installation; GDCM is commonly embedded as a library inside other imaging software, so check the host application as well).

Verify Fix Applied:

Verify that the Grassroot DICOM version has been updated beyond 3.024 once a patched release becomes available.

📡 Detection & Monitoring

Log Indicators:

  • Unusual DICOM file processing errors
  • Memory access violation logs
  • Large number of failed DICOM file processing attempts

Network Indicators:

  • Unusual DICOM file uploads from unexpected sources
  • Patterns of failed DICOM processing requests

SIEM Query (generic pattern; adapt the source and field names to your logging pipeline):

source="dicom_server" AND (error="memory" OR error="access")
