CVE-2025-5481
BaseFortify
Publication date: 2025-06-06
Last updated on: 2025-08-14
Assigner: Zero Day Initiative
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| santesoft | dicom_viewer_pro | to 14.2.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Sante DICOM Viewer Pro occurs due to improper validation when parsing DCM files, which leads to an out-of-bounds write past the end of an allocated object. An attacker can exploit this by tricking a user into opening a malicious file or visiting a malicious webpage, allowing the attacker to execute arbitrary code within the context of the current process. [1]
How can this vulnerability impact me? :
Exploitation of this vulnerability can allow an attacker to execute arbitrary code on the affected system, potentially compromising the confidentiality, integrity, and availability of the system and its data. This could lead to unauthorized access, data manipulation, or disruption of services. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid opening untrusted or suspicious DCM files and do not visit untrusted or malicious webpages that could trigger the exploit. Ensure that user interaction with potentially malicious content is minimized. Monitor for updates or patches from the vendor for Sante DICOM Viewer Pro and apply them as soon as they become available. [1]