Cyber Resilience

CVE-2025-2581

Medium

Published: 21 March 2025

Published
21 March 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score v4 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0012 29.9th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-2581 is a medium-severity Wrap or Wraparound (CWE-191) vulnerability in Xmedcon Project Xmedcon. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 29.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-11 (Error Handling).

Deeper analysis

CVE-2025-2581 is an integer underflow vulnerability (CWE-189, CWE-191) affecting the malloc function in the DICOM File Handler component of xmedcon version 0.25.0. Published on 2025-03-21, it carries a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L), indicating medium severity with potential for limited disruption.

An unauthenticated attacker can exploit this remotely by supplying a malicious DICOM file that triggers the underflow during processing. Exploitation requires user interaction, such as opening the file in xmedcon, and results in a denial-of-service condition through application crash, with no impact on confidentiality or integrity.

Advisories recommend upgrading to xmedcon version 0.25.1 to remediate the issue. Details are documented in VulDB entries (ctiid.300541, id.300541, submit.522216), the xmedcon project release notes, and a Debian LTS announcement.

EU & UK References

Vulnerability details

A vulnerability has been found in xmedcon 0.25.0 and classified as problematic. Affected by this vulnerability is the function malloc of the component DICOM File Handler. The manipulation leads to integer underflow. The attack can be launched remotely. Upgrading to…

more

version 0.25.1 is able to address this issue. It is recommended to upgrade the affected component.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The integer underflow vulnerability (CWE-191) in xmedcon's DICOM file handler causes memory corruption (SIGBUS), enabling remote exploitation of client-side software for code execution (T1203) or denial-of-service via crash (T1499.004) when a user processes a malformed DICOM file.

CVEs Like This One

CVE-2024-57823Shared CWE-191
CVE-2025-2176Shared CWE-189
CVE-2025-2177Shared CWE-189
CVE-2026-7736Shared CWE-189, CWE-191
CVE-2026-37231Shared CWE-191
CVE-2026-40386Shared CWE-191
CVE-2026-25104Shared CWE-191
CVE-2025-0727Shared CWE-191
CVE-2026-31417Shared CWE-191
CVE-2026-34064Shared CWE-191

Affected Assets

xmedcon project
xmedcon
0.25.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Flaw remediation requires timely patching of the integer underflow vulnerability by upgrading xmedcon to version 0.25.1, directly eliminating the exploitable condition.

prevent

Information input validation scrutinizes DICOM files for malformed data that triggers the integer underflow in the malloc function during remote file processing.

prevent

Error handling ensures graceful management of integer underflow errors in the DICOM file handler to prevent application crashes and denial-of-service.

References