CVE-2025-53618

7.4 HIGH

📋 TL;DR

An out-of-bounds read in Grassroot DICOM's JPEGBITSCodec::InternalCode function can be triggered by a specially crafted DICOM file. Any application that uses Grassroot DICOM 3.024 to decode JPEG-compressed pixel data is affected. The vulnerability itself involves no authentication: whoever can get a file into the decoding path (for example through a file upload) can trigger it, and the result is disclosure of adjacent process memory or a crash of the decoding process.

💻 Affected Systems

Products:
  • Grassroot DICOM
Versions: 3.024
Operating Systems: All platforms running Grassroot DICOM
Default Config Vulnerable: ⚠️ Yes
Notes: Only deployments that decode JPEG-compressed DICOM files with the vulnerable library go through the affected codec; files stored in other transfer syntaxes are not decoded by it.

📦 What is this software?

Grassroot DICOM (GDCM) is an open-source C++ library for reading, writing and decoding DICOM medical imaging files, with bindings for Python and other languages. It is also embedded as a decoding back end inside other imaging software, so a vulnerable copy can be present on a host even when GDCM is not listed as an installed product.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Memory disclosure leading to exposure of sensitive patient data, authentication credentials, or system information that could enable further attacks.

🟠

Likely Case

Information leakage from the application's memory space, potentially exposing DICOM metadata or adjacent memory contents.

🟢

If Mitigated

Limited impact with proper input validation and memory protection mechanisms in place.

🌐 Internet-Facing: MEDIUM - Reachable only where a file upload or DICOM receive path feeds untrusted files into the vulnerable codec.
🏢 Internal Only: LOW - Requires the attacker to get a crafted file onto the host or into an internal DICOM processing path.

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a malicious JPEG-compressed DICOM file and getting it decoded by the vulnerable JPEGBITSCodec::InternalCode path; beyond delivering the file, the attacker needs no further interaction with the application.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2210

Restart Required: Yes - Grassroot DICOM is a library, so every process that has it loaded must be restarted after the update, and anything that links it statically must be rebuilt.

Instructions:

1. Monitor the Grassroot DICOM project and the Talos advisory for a release that addresses this issue.
2. Test the update in a non-production environment with representative DICOM files first.
3. Apply it to production and restart or rebuild every application that embeds the library.

🔧 Temporary Workarounds

Input Validation

Applies to: all platforms

Screen DICOM files before they reach the decoder: confirm the Part 10 header is well-formed and reject or quarantine any file whose declared Transfer Syntax UID is a JPEG family syntax, since only that path reaches the vulnerable codec. This keeps untrusted JPEG-encoded pixel data away from the bug; it is a gate, not a fix.

Memory Protection

Applies to: all platforms

Keep ASLR and other memory protection mechanisms enabled. Note the limit: ASLR does not stop an out-of-bounds read from leaking adjacent memory; it only reduces how useful leaked pointers are for chaining into a further exploit.
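A concrete form of the input-validation gate, as an added example that is not code from the Grassroot DICOM project or from the advisory: it parses only the Part 10 file meta header, reads the declared Transfer Syntax UID (0002,0010), and refuses to hand the file to the decoder when that syntax is one of the JPEG (ITU-T T.81) family. Treating that whole family as input to the vulnerable codec, the function names, and the minimal sample-file builder are this example's own assumptions; the sample files it builds are constructed headers, not real studies.

```python
import struct

# JPEG (ITU-T T.81) DICOM transfer syntaxes. Treating the whole family as input to the
# vulnerable JPEG codec is this example's assumption, not a statement from the advisory.
JPEG_TRANSFER_SYNTAXES = {
    "1.2.840.10008.1.2.4.50": "JPEG Baseline (Process 1)",
    "1.2.840.10008.1.2.4.51": "JPEG Extended (Process 2 & 4)",
    "1.2.840.10008.1.2.4.57": "JPEG Lossless, Non-Hierarchical (Process 14)",
    "1.2.840.10008.1.2.4.70": "JPEG Lossless, First-Order Prediction (Process 14, SV1)",
}

# Explicit VR encoding: these VRs carry a 2-byte reserved field and a 4-byte length.
LONG_LENGTH_VRS = {b"OB", b"OD", b"OF", b"OL", b"OW", b"SQ", b"UC", b"UN", b"UR", b"UT"}


def read_transfer_syntax(data: bytes) -> str:
    """Walk the File Meta Information group (0002,xxxx), which is always Explicit VR
    Little Endian, and return the declared Transfer Syntax UID (0002,0010)."""
    if len(data) < 132 or data[128:132] != b"DICM":
        raise ValueError("not a DICOM Part 10 file (DICM magic missing)")
    pos = 132
    while pos + 8 <= len(data):
        group, element = struct.unpack_from("<HH", data, pos)
        if group != 0x0002:
            break  # file meta information ends where the data set begins
        vr = data[pos + 4:pos + 6]
        if vr in LONG_LENGTH_VRS:
            (length,) = struct.unpack_from("<I", data, pos + 8)
            value_start = pos + 12
        else:
            (length,) = struct.unpack_from("<H", data, pos + 6)
            value_start = pos + 8
        value_end = value_start + length
        if value_end > len(data):
            raise ValueError("truncated file meta element")
        if (group, element) == (0x0002, 0x0010):
            return data[value_start:value_end].rstrip(b"\x00 ").decode("ascii")
        pos = value_end
    raise ValueError("Transfer Syntax UID (0002,0010) not found")


def screen_dicom(data: bytes) -> tuple:
    """Return (allowed, reason). Reject before the file reaches the decoder when the
    declared transfer syntax would be handed to the JPEG codec, or the header is bad."""
    try:
        ts = read_transfer_syntax(data)
    except ValueError as exc:
        return False, f"rejected: {exc}"
    if ts in JPEG_TRANSFER_SYNTAXES:
        return False, f"rejected: {ts} ({JPEG_TRANSFER_SYNTAXES[ts]}) is decoded by the JPEG codec"
    return True, f"accepted: transfer syntax {ts}"


def _ui_element(group: int, element: int, value: str) -> bytes:
    """Encode one UI element in Explicit VR LE; UI values are NUL-padded to even length."""
    raw = value.encode("ascii")
    if len(raw) % 2:
        raw += b"\x00"
    return struct.pack("<HH2sH", group, element, b"UI", len(raw)) + raw


def build_sample_file(transfer_syntax: str) -> bytes:
    """Constructed minimal Part 10 header for testing: preamble, magic, file meta group
    and one data set element. Not a real study and carries no pixel data."""
    meta = struct.pack("<HH2sHI", 0x0002, 0x0001, b"OB", 0, 2) + b"\x00\x01"  # meta version
    meta += _ui_element(0x0002, 0x0002, "1.2.840.10008.5.1.4.1.1.2")          # CT Image Storage
    meta += _ui_element(0x0002, 0x0003, "1.2.3.4.5.6.7")                       # made-up instance UID
    meta += _ui_element(0x0002, 0x0010, transfer_syntax)
    group_length = struct.pack("<HH2sHI", 0x0002, 0x0000, b"UL", 4, len(meta))
    data_set = struct.pack("<HH2sH", 0x0008, 0x0060, b"CS", 2) + b"CT"          # Modality
    return b"\x00" * 128 + b"DICM" + group_length + meta + data_set


if __name__ == "__main__":
    for ts in ("1.2.840.10008.1.2.1", "1.2.840.10008.1.2.4.70"):
        print(screen_dicom(build_sample_file(ts)))
```

The gate inspects only the declared transfer syntax and does no deep structural validation, so use it to keep untrusted JPEG-encoded files away from the decoder while waiting for a fixed release, not as a substitute for one.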

🧯 If You Can't Patch

  • Restrict DICOM file processing to trusted sources only
  • Implement network segmentation to isolate DICOM processing systems
  • Decode untrusted files in a separate, low-privilege worker process, so that memory readable through this bug does not contain the credentials or patient data held by the rest of the application

🔍 How to Verify

Check if Vulnerable:

Confirm that Grassroot DICOM version 3.024 is present (as a system package, a Python module, or a copy embedded in another imaging application) and that the deployment decodes JPEG-compressed DICOM files with it.

Check Version:

Query the package manager (for example dpkg -l 'libgdcm*' on Debian-based systems, or pip show python-gdcm for the Python module), or ask the library itself: in Python, import gdcm and print gdcm.Version.GetVersion(); in C++, call gdcm::Version::GetVersion(). Applications that bundle GDCM statically must be checked individually, since the system package version says nothing about them.

Verify Fix Applied:

No fixed release is listed at the time of writing. Once one is published, confirm the new version string from the same source you used above, restart every process that loads the library, and re-test with known-good DICOM files.

📡 Detection & Monitoring

Log Indicators:

  • Crashes or restarts of the DICOM processing service shortly after a file is received
  • Memory access violations (SIGSEGV, access violation) raised from the decoding path
  • Unusual DICOM decoding errors clustered around files from a single source

Network Indicators:

  • Unexpected DICOM file uploads or transfers from unknown sources
  • Abnormal outbound data volumes from imaging hosts, which could indicate leaked data being moved out

SIEM Query:

source="dicom_server" AND (event="crash" OR event="memory_error")
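The log indicators above turned into detection logic, as an added example that is not part of the advisory or of any DICOM server's tooling: it assumes a key=value log layout with event=receive and event=crash / event=memory_error lines, pairs each fault with the most recent receipt of the same file inside a short window, and then flags sources whose files faulted the decoder more than once, which is how a crafted-file campaign tends to show up. The log lines are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample log lines (key=value layout assumed for this example; not from a real product).
SAMPLE_LOG = """\
2025-07-01T10:02:11Z dicom_server event=receive src=10.1.5.20 ae=CT_SCANNER_1 file=/incoming/a1.dcm
2025-07-01T10:02:12Z dicom_server event=crash signal=SIGSEGV file=/incoming/a1.dcm
2025-07-01T10:05:40Z dicom_server event=receive src=10.1.5.21 ae=MR_1 file=/incoming/b7.dcm
2025-07-01T10:05:41Z dicom_server event=decoded file=/incoming/b7.dcm
2025-07-01T10:30:02Z dicom_server event=receive src=203.0.113.9 ae=UNKNOWN file=/incoming/c3.dcm
2025-07-01T10:30:03Z dicom_server event=memory_error detail="invalid read of size 4" file=/incoming/c3.dcm
2025-07-01T10:31:15Z dicom_server event=receive src=203.0.113.9 ae=UNKNOWN file=/incoming/c4.dcm
2025-07-01T10:31:16Z dicom_server event=crash signal=SIGSEGV file=/incoming/c4.dcm
2025-07-01T11:00:00Z dicom_server event=crash signal=SIGSEGV file=/incoming/a1.dcm
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<source>\S+)\s+(?P<fields>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
FAULT_EVENTS = {"crash", "memory_error"}


def parse_line(line: str) -> Optional[dict]:
    """Split a line into timestamp, log source and key=value fields (quoted values allowed)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
    rec["source"] = m.group("source")
    rec["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return rec


def correlate_faults(log_text: str, window: timedelta = timedelta(seconds=30)) -> list:
    """Pair each crash/memory error with the most recent receipt of the same file inside
    `window`. A fault with no recent receipt (last sample line) is dropped as unrelated."""
    last_receive = {}
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        event = rec.get("event")
        if event == "receive":
            last_receive[rec["file"]] = rec
        elif event in FAULT_EVENTS:
            received = last_receive.get(rec.get("file", ""))
            if received and rec["ts"] - received["ts"] <= window:
                findings.append({"file": rec["file"], "src": received["src"],
                                 "ae": received["ae"], "fault": event, "ts": rec["ts"]})
    return findings


def repeat_offenders(findings: list, min_files: int = 2) -> set:
    """Sources whose files faulted the decoder at least `min_files` distinct times."""
    files_by_src = defaultdict(set)
    for f in findings:
        files_by_src[f["src"]].add(f["file"])
    return {src for src, files in files_by_src.items() if len(files) >= min_files}


if __name__ == "__main__":
    found = correlate_faults(SAMPLE_LOG)
    for f in found:
        print(f"{f['ts']:%H:%M:%S} {f['fault']:<12} {f['file']} from {f['src']} ({f['ae']})")
    print("repeat offenders:", repeat_offenders(found))
```

Tune the window to the decoder's real latency: a service that queues files for minutes needs a longer window, otherwise the correlation silently drops true hits.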

🔗 References

  • Cisco Talos vulnerability report TALOS-2025-2210: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2210