1. EXECUTIVE SUMMARY
- CVSS v4 8.6
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: MicroDicom
- Equipment: DICOM Viewer
- Vulnerability: Out-of-bounds Write
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on affected installations of DICOM Viewer.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following MicroDicom products are affected:
- DICOM Viewer: Versions 2025.2 (Build 8154) and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 OUT-OF-BOUNDS WRITE CWE-787
DICOM Viewer suffers from an out-of-bounds write vulnerability. Remote attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of DICOM Viewer. User interaction is required to exploit the vulnerability in that the user must either visit a malicious website or open a malicious DICOM file locally.
CVE-2025-5943 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2025-5943. A base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Healthcare and Public Health
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCA
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from All CISA AdvisoriesRead the original article: