Two High-Severity Vulnerabilities Identified in MicroDicom DICOM Viewer
Two high-severity remotely exploitable vulnerabilities have been identified in MicroDicom DICOM Viewer that can be exploited in a low-complexity attack. Successful exploitation of the vulnerabilities could result in memory corruption, code execution, and unauthorized access to patient data. MicroDicom DICOM Viewer is free-to-use software for viewing and manipulating DICOM medical images. The software can also be used to burn DICOM images onto CDs and DVDs that can be viewed without having to install the software.
The out-of-bounds read and write vulnerabilities require user interaction to exploit. A user would need to be convinced to open a malicious DCM file that had been specially crafted by a threat actor, such as in a social engineering or phishing attack. The vulnerabilities were identified by security researcher Michael Heinzl, who reported them to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). At present, there are no indications that the vulnerabilities have been exploited in attacks; however, users are advised to update to the latest version of the software as soon as possible to prevent exploitation.
The vulnerabilities are present in DICOM Viewer versions 2025.1 (Build 3321) and prior, and have been fixed in MicroDicom DICOM Viewer version 2025.2 and later.
- CVE-2025-36521 is an out-of-bounds write vulnerability that can be exploited to execute arbitrary code. The vulnerability has a CVSS v4 severity score of 8.8 (CVSS v3: 8.6)
- CVE-2025-36521 is an out-of-bounds read vulnerability that could be exploited to cause memory corruption within the application. The vulnerability has a CVSS v4 severity score of 8.8 (CVSS: v3 8.6)
In addition to updating to the latest version, MicroDicom recommends several steps to strengthen security against vulnerabilities, such as ensuring the MicroDicom DICOM viewer is not accessible from the Internet, that control system networks and devices are protected by firewalls and are isolated from business networks, and if remote access is required, secure methods are used such as a Virtual Private Network (VPN) running the latest version of the software.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The latest announcement follows a February 2025 disclosure about a medium severity vulnerability that could be exploited in a machine-in-the-middle (MitM) attack, and four high-severity vulnerabilities identified in 2024 and that were disclosed in March and June.
