VYPR
← All advisories
Medium severity5.3NVD Advisory· Published Mar 6, 2025· Updated Apr 15, 2026

CVE-2025-2029

CVE-2025-2029

Description

A vulnerability was found in MicroDicom DICOM Viewer 2025.1 Build 3321. It has been classified as critical. Affected is an unknown function of the file mDicom.exe. The manipulation leads to memory corruption. The attack needs to be approached locally. It is recommended to upgrade the affected component. The vendor quickly confirmed the existence of the vulnerability and fixed it in the latest beta.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A local memory corruption vulnerability in MicroDicom DICOM Viewer 2025.1 Build 3321 allows an attacker to crash or potentially execute code, fixed in the latest beta.

Vulnerability

Details

A memory corruption vulnerability has been discovered in MicroDicom DICOM Viewer 2025.1 Build 3321. The flaw resides in an unspecified function within the mDicom.exe binary and is triggered through local manipulation. The exact nature of the manipulation is not detailed, but the vulnerability is classified as critical by the finder [1].

Exploitation

Vector

Exploitation requires local access to the system running the DICOM Viewer. The attacker must be able to interact with the application or the file system in a way that triggers the memory corruption. No authentication or network access is required, making this a local privilege escalation or denial-of-service vector [1].

Impact

Successful exploitation leads to memory corruption, which can result in a crash of the application or, in more severe cases, arbitrary code execution in the context of the current user. Given the critical rating, the potential for code execution is considered possible, though not confirmed independently [1].

Mitigation

The vendor, MicroDicom, acknowledged the vulnerability and released a fix in the latest beta version of the DICOM Viewer. Users are strongly advised to upgrade to the beta or wait for the next stable release. No workarounds are documented [1].

References
  1. Beta test the MicroDicom DICOM Viewer

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.