MicroDicom Releases Security Update for DICOM Viewer

CVE-2025-5943 could allow a remote unauthenticated attacker to execute arbitrary code on affected installations of DICOM Viewer

Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

The US Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) Medical Advisory for a vulnerability in MicroDicom DICOM Viewer. DICOM Viewer is an application for primary processing and preservation of medical images in DICOM format.

CVE-2025-5943 is an "out-of-bounds write" vulnerability with a CVSSv4 base score of 8.6. Successful exploitation requires a user to open a specially crafted DICOM file or visit a malicious website, and could allow a remote unauthenticated attacker to execute arbitrary code on affected installations of DICOM Viewer.


Remediation advice

Affected organisations are encouraged to review CISA advisory ICSMA-25-160-01 and update MicroDicom DICOM Viewer to version 2025.3 or later.



Last edited: 11 June 2025 1:53 pm