PatchSiren cyber security CVE debrief

CVE-2025-35975 MicroDicom CVE debrief

MicroDicom DICOM Viewer is affected by an out-of-bounds write that may allow arbitrary code execution when a user opens a malicious DCM file. CISA published the advisory as ICSMA-25-121-01 on 2025-05-01 and later revised it on 2025-05-06 for typos. MicroDicom’s remediation is to update DICOM Viewer to version 2025.2 or later.

Vendor: MicroDicom
Product: DICOM Viewer
CVSS v3.1 base score: 8.8 (HIGH)
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-05-01
Original CVE updated: 2025-05-06
Advisory published: 2025-05-01
Advisory updated: 2025-05-06

Who should care

Organizations and users running MicroDicom DICOM Viewer, especially healthcare, imaging, and workstation teams that handle DCM files from external or untrusted sources.

Technical summary

The supplied advisory describes an out-of-bounds write in MicroDicom DICOM Viewer; exploitation requires user interaction, namely that a victim opens a malicious DCM file. The provided CVSS v3.1 vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H: network attack vector, low attack complexity, no privileges required, user interaction required, scope unchanged, and high confidentiality, integrity, and availability impact once triggered.

Defensive priority

High

Recommended defensive actions

  • Update MicroDicom DICOM Viewer to version 2025.2 or later, per the vendor remediation in the advisory.
  • Treat DCM files from untrusted or external sources as potentially malicious and limit where they can be opened.
  • Use least-privilege workstation practices and restrict software exposure on systems that do not need DICOM viewing.
  • Verify remediation across affected endpoints and keep the CISA advisory and vendor download guidance available for follow-up.

Evidence notes

This debrief is based on the supplied CISA CSAF advisory ICSMA-25-121-01 (published 2025-05-01, revised 2025-05-06) and the vendor remediation noted there. The supplied enrichment does not list a KEV entry or ransomware campaign use.

Official resources

Publicly disclosed by CISA in ICSMA-25-121-01 on 2025-05-01; revised 2025-05-06 for typo fixes. This debrief uses the supplied advisory and official links only.