CVE-2025-5943: 
MicroDicom DICOM Viewer vulnerability analysis and mitigation

MicroDicom DICOM Viewer suffers from an out-of-bounds write vulnerability identified as CVE-2025-5943, initially disclosed on June 10, 2025. The vulnerability affects DICOM Viewer versions 2025.2 (Build 8154) and prior, a medical imaging software product headquartered in Bulgaria but deployed worldwide in the Healthcare and Public Health sector (CISA Advisory).

The vulnerability is classified as an out-of-bounds write (CWE-787) with a CVSS v3.1 base score of 8.8 (HIGH) and vector string AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Additionally, it received a CVSS v4.0 score of 8.6 (HIGH) with vector string AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (CISA Advisory).

Successful exploitation of this vulnerability could allow attackers to execute arbitrary code on affected installations of DICOM Viewer. User interaction is required to exploit the vulnerability in that the user must either visit a malicious website or open a malicious DICOM file locally (CISA Advisory, Wiz).

MicroDicom has released version 2025.3 as a fix for this vulnerability. CISA recommends users update to this version or later. Additional defensive measures include minimizing network exposure for control system devices, placing control systems behind firewalls, isolating them from business networks, and using secure methods like VPNs when remote access is required (CISA Advisory).