Out-Of-Bounds Write Vulnerability in Sante DICOM Viewer Pro
CVE-2025-5481

7.8 HIGH

Key Information:

Vendor: Sante
CVE Published: 6 June 2025

What is CVE-2025-5481?

A vulnerability in the parsing of DCM files in Sante DICOM Viewer Pro allows remote attackers to execute arbitrary code. The parser does not sufficiently validate user-supplied data, so a specially crafted DCM file can cause a write past the end of an allocated memory buffer. An attacker can use this to execute code in the context of the affected application, compromising the security of the system. Exploitation requires user interaction: the target must either visit a malicious webpage or open a malicious file.

Affected Version(s)

DICOM Viewer Pro 14.1.2.0

CVSS V3.0

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
