PatchSiren cyber security CVE debrief

CVE-2025-5943 MicroDicom CVE debrief

CVE-2025-5943 is a high-severity out-of-bounds write vulnerability in MicroDicom DICOM Viewer. According to CISA, a remote attacker could potentially execute arbitrary code on affected installations if they can get a user to either visit a malicious website or open a malicious DICOM file locally. MicroDicom’s remediation guidance is to update DICOM Viewer to version 2025.3 or later.

Vendor: MicroDicom
Product: DICOM Viewer
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-06-10
Original CVE updated: 2025-06-10
Advisory published: 2025-06-10
Advisory updated: 2025-06-10

Who should care

Organizations using MicroDicom DICOM Viewer, especially clinical, radiology, imaging, and other teams that process DICOM files or may open files from external or untrusted sources. Security teams should also pay attention because the issue can be triggered remotely but requires user interaction.

Technical summary

The advisory describes an out-of-bounds write in DICOM Viewer. The published CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, reflecting network reachability with required user interaction and the potential for high impact to confidentiality, integrity, and availability. CISA states that exploitation may occur when a user visits a malicious website or opens a malicious DICOM file locally.

Defensive priority

High. The issue is publicly disclosed, remotely reachable, and rated 8.8 HIGH. Because exploitation depends on user interaction, immediate patching and user-facing controls are the best defensive levers.

Recommended defensive actions

  • Update MicroDicom DICOM Viewer to version 2025.3 or later.
  • Restrict or scrutinize untrusted DICOM files, especially those received by email, download, or removable media.
  • Train users not to open unexpected DICOM files or follow links to untrusted websites.
  • Use application allowlisting and least-privilege workstation controls where practical.
  • Monitor for vendor and CISA updates tied to ICSMA-25-160-01.

Evidence notes

The analysis is based on the CISA CSAF advisory ICSMA-25-160-01 and the linked vendor remediation guidance. The advisory explicitly states the out-of-bounds write condition, the remote code execution potential, the required user interaction, and the recommended fixed version (2025.3 or later). The published CVSS 3.1 vector is included in the source record.

Official resources

Publicly disclosed by CISA on 2025-06-10 via ICSMA-25-160-01; vendor remediation guidance in the advisory recommends updating to DICOM Viewer 2025.3 or later.