Search
Find a vulnerability
Search criteria
6 vulnerabilities by Pixmeo
CVE-2025-31946 (GCVE-0-2025-31946)
Vulnerability from nvd – Published: 2025-05-08 22:41 – Updated: 2025-05-09 13:33
VLAI
Title
Pixmeo OsiriX MD Use After Free
Summary
Pixmeo OsiriX MD is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption or a system crash.
Severity
6.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
Date Public
2025-05-08 17:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T13:33:25.232968Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T13:33:32.858Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OsiriX MD",
"vendor": "Pixmeo",
"versions": [
{
"lessThanOrEqual": "14.0.1 (Build 2024-02-28)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chizuru Toyama of TXOne Networks and Canaan Kao of TXOne Networks reported these vulnerabilities to CISA."
}
],
"datePublic": "2025-05-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Pixmeo OsiriX MD is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption or a system crash.\u003cbr\u003e"
}
],
"value": "Pixmeo OsiriX MD is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption or a system crash."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T22:41:00.370Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-128-01"
},
{
"url": "https://www.osirix-viewer.com/osirix/osirix-md/"
},
{
"url": "https://www.osirix-viewer.com/about/contact/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePixmeo recommends users to download the latest version of \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.osirix-viewer.com/osirix/osirix-md/\"\u003eOsiriX MD\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eFor additional support regarding OsiriX MD, users should \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.osirix-viewer.com/about/contact/\"\u003econtact Pixmeo\u003c/a\u003e\u0026nbsp;directly.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Pixmeo recommends users to download the latest version of OsiriX MD https://www.osirix-viewer.com/osirix/osirix-md/ .\n\nFor additional support regarding OsiriX MD, users should contact Pixmeo https://www.osirix-viewer.com/about/contact/ \u00a0directly."
}
],
"source": {
"advisory": "ICSMA-25-128-01",
"discovery": "EXTERNAL"
},
"title": "Pixmeo OsiriX MD Use After Free",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-31946",
"datePublished": "2025-05-08T22:41:00.370Z",
"dateReserved": "2025-04-03T20:57:04.892Z",
"dateUpdated": "2025-05-09T13:33:32.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27720 (GCVE-0-2025-27720)
Vulnerability from nvd – Published: 2025-05-08 22:43 – Updated: 2025-05-09 04:03
VLAI
Title
Pixmeo OsiriX MD Cleartext Transmission of Sensitive Information
Summary
The Pixmeo Osirix MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials.
Severity
7.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Impacted products
Date Public
2025-05-08 17:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27720",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T04:03:15.144661Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T04:03:25.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OsiriX MD",
"vendor": "Pixmeo",
"versions": [
{
"lessThanOrEqual": "14.0.1 (Build 2024-02-28)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chizuru Toyama of TXOne Networks and Canaan Kao of TXOne Networks reported these vulnerabilities to CISA."
}
],
"datePublic": "2025-05-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe Pixmeo Osirix MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "The Pixmeo Osirix MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T22:43:28.046Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-128-01"
},
{
"url": "https://www.osirix-viewer.com/osirix/osirix-md/"
},
{
"url": "https://www.osirix-viewer.com/about/contact/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePixmeo recommends users to download the latest version of \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.osirix-viewer.com/osirix/osirix-md/\"\u003eOsiriX MD\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eFor additional support regarding OsiriX MD, users should \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.osirix-viewer.com/about/contact/\"\u003econtact Pixmeo\u003c/a\u003e\u0026nbsp;directly.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Pixmeo recommends users to download the latest version of OsiriX MD https://www.osirix-viewer.com/osirix/osirix-md/ .\n\nFor additional support regarding OsiriX MD, users should contact Pixmeo https://www.osirix-viewer.com/about/contact/ \u00a0directly."
}
],
"source": {
"advisory": "ICSMA-25-128-01",
"discovery": "EXTERNAL"
},
"title": "Pixmeo OsiriX MD Cleartext Transmission of Sensitive Information",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-27720",
"datePublished": "2025-05-08T22:43:28.046Z",
"dateReserved": "2025-04-03T20:57:04.866Z",
"dateUpdated": "2025-05-09T04:03:25.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27578 (GCVE-0-2025-27578)
Vulnerability from nvd – Published: 2025-05-08 22:38 – Updated: 2025-05-09 13:34
VLAI
Title
Pixmeo OsiriX MD Use After Free
Summary
Pixmeo OsiriX MD is vulnerable to a use after free scenario, which could allow an attacker to upload a crafted DICOM file and cause memory corruption leading to a denial-of-service condition.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
Date Public
2025-05-08 17:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27578",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T13:34:08.440479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T13:34:14.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OsiriX MD",
"vendor": "Pixmeo",
"versions": [
{
"lessThanOrEqual": "14.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chizuru Toyama of TXOne Networks and Canaan Kao of TXOne Networks reported these vulnerabilities to CISA."
}
],
"datePublic": "2025-05-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePixmeo OsiriX MD is vulnerable to a use after free scenario, which could allow an attacker to upload a crafted DICOM file and cause memory corruption leading to a denial-of-service condition.\u003c/span\u003e"
}
],
"value": "Pixmeo OsiriX MD is vulnerable to a use after free scenario, which could allow an attacker to upload a crafted DICOM file and cause memory corruption leading to a denial-of-service condition."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T22:38:37.140Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-128-01"
},
{
"url": "https://www.osirix-viewer.com/osirix/osirix-md/"
},
{
"url": "https://www.osirix-viewer.com/about/contact/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePixmeo recommends users to download the latest version of \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.osirix-viewer.com/osirix/osirix-md/\"\u003eOsiriX MD\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eFor additional support regarding OsiriX MD, users should \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.osirix-viewer.com/about/contact/\"\u003econtact Pixmeo\u003c/a\u003e\u0026nbsp;directly.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Pixmeo recommends users to download the latest version of OsiriX MD https://www.osirix-viewer.com/osirix/osirix-md/ .\n\nFor additional support regarding OsiriX MD, users should contact Pixmeo https://www.osirix-viewer.com/about/contact/ \u00a0directly."
}
],
"source": {
"advisory": "ICSMA-25-128-01",
"discovery": "EXTERNAL"
},
"title": "Pixmeo OsiriX MD Use After Free",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-27578",
"datePublished": "2025-05-08T22:38:37.140Z",
"dateReserved": "2025-04-03T20:57:04.881Z",
"dateUpdated": "2025-05-09T13:34:14.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27720 (GCVE-0-2025-27720)
Vulnerability from cvelistv5 – Published: 2025-05-08 22:43 – Updated: 2025-05-09 04:03
VLAI
Title
Pixmeo OsiriX MD Cleartext Transmission of Sensitive Information
Summary
The Pixmeo Osirix MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials.
Severity
7.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Impacted products
Date Public
2025-05-08 17:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27720",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T04:03:15.144661Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T04:03:25.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OsiriX MD",
"vendor": "Pixmeo",
"versions": [
{
"lessThanOrEqual": "14.0.1 (Build 2024-02-28)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chizuru Toyama of TXOne Networks and Canaan Kao of TXOne Networks reported these vulnerabilities to CISA."
}
],
"datePublic": "2025-05-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe Pixmeo Osirix MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "The Pixmeo Osirix MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T22:43:28.046Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-128-01"
},
{
"url": "https://www.osirix-viewer.com/osirix/osirix-md/"
},
{
"url": "https://www.osirix-viewer.com/about/contact/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePixmeo recommends users to download the latest version of \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.osirix-viewer.com/osirix/osirix-md/\"\u003eOsiriX MD\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eFor additional support regarding OsiriX MD, users should \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.osirix-viewer.com/about/contact/\"\u003econtact Pixmeo\u003c/a\u003e\u0026nbsp;directly.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Pixmeo recommends users to download the latest version of OsiriX MD https://www.osirix-viewer.com/osirix/osirix-md/ .\n\nFor additional support regarding OsiriX MD, users should contact Pixmeo https://www.osirix-viewer.com/about/contact/ \u00a0directly."
}
],
"source": {
"advisory": "ICSMA-25-128-01",
"discovery": "EXTERNAL"
},
"title": "Pixmeo OsiriX MD Cleartext Transmission of Sensitive Information",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-27720",
"datePublished": "2025-05-08T22:43:28.046Z",
"dateReserved": "2025-04-03T20:57:04.866Z",
"dateUpdated": "2025-05-09T04:03:25.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31946 (GCVE-0-2025-31946)
Vulnerability from cvelistv5 – Published: 2025-05-08 22:41 – Updated: 2025-05-09 13:33
VLAI
Title
Pixmeo OsiriX MD Use After Free
Summary
Pixmeo OsiriX MD is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption or a system crash.
Severity
6.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
Date Public
2025-05-08 17:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T13:33:25.232968Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T13:33:32.858Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OsiriX MD",
"vendor": "Pixmeo",
"versions": [
{
"lessThanOrEqual": "14.0.1 (Build 2024-02-28)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chizuru Toyama of TXOne Networks and Canaan Kao of TXOne Networks reported these vulnerabilities to CISA."
}
],
"datePublic": "2025-05-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Pixmeo OsiriX MD is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption or a system crash.\u003cbr\u003e"
}
],
"value": "Pixmeo OsiriX MD is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption or a system crash."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T22:41:00.370Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-128-01"
},
{
"url": "https://www.osirix-viewer.com/osirix/osirix-md/"
},
{
"url": "https://www.osirix-viewer.com/about/contact/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePixmeo recommends users to download the latest version of \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.osirix-viewer.com/osirix/osirix-md/\"\u003eOsiriX MD\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eFor additional support regarding OsiriX MD, users should \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.osirix-viewer.com/about/contact/\"\u003econtact Pixmeo\u003c/a\u003e\u0026nbsp;directly.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Pixmeo recommends users to download the latest version of OsiriX MD https://www.osirix-viewer.com/osirix/osirix-md/ .\n\nFor additional support regarding OsiriX MD, users should contact Pixmeo https://www.osirix-viewer.com/about/contact/ \u00a0directly."
}
],
"source": {
"advisory": "ICSMA-25-128-01",
"discovery": "EXTERNAL"
},
"title": "Pixmeo OsiriX MD Use After Free",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-31946",
"datePublished": "2025-05-08T22:41:00.370Z",
"dateReserved": "2025-04-03T20:57:04.892Z",
"dateUpdated": "2025-05-09T13:33:32.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27578 (GCVE-0-2025-27578)
Vulnerability from cvelistv5 – Published: 2025-05-08 22:38 – Updated: 2025-05-09 13:34
VLAI
Title
Pixmeo OsiriX MD Use After Free
Summary
Pixmeo OsiriX MD is vulnerable to a use after free scenario, which could allow an attacker to upload a crafted DICOM file and cause memory corruption leading to a denial-of-service condition.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
Date Public
2025-05-08 17:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27578",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T13:34:08.440479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T13:34:14.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OsiriX MD",
"vendor": "Pixmeo",
"versions": [
{
"lessThanOrEqual": "14.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chizuru Toyama of TXOne Networks and Canaan Kao of TXOne Networks reported these vulnerabilities to CISA."
}
],
"datePublic": "2025-05-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePixmeo OsiriX MD is vulnerable to a use after free scenario, which could allow an attacker to upload a crafted DICOM file and cause memory corruption leading to a denial-of-service condition.\u003c/span\u003e"
}
],
"value": "Pixmeo OsiriX MD is vulnerable to a use after free scenario, which could allow an attacker to upload a crafted DICOM file and cause memory corruption leading to a denial-of-service condition."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T22:38:37.140Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-128-01"
},
{
"url": "https://www.osirix-viewer.com/osirix/osirix-md/"
},
{
"url": "https://www.osirix-viewer.com/about/contact/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePixmeo recommends users to download the latest version of \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.osirix-viewer.com/osirix/osirix-md/\"\u003eOsiriX MD\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eFor additional support regarding OsiriX MD, users should \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.osirix-viewer.com/about/contact/\"\u003econtact Pixmeo\u003c/a\u003e\u0026nbsp;directly.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Pixmeo recommends users to download the latest version of OsiriX MD https://www.osirix-viewer.com/osirix/osirix-md/ .\n\nFor additional support regarding OsiriX MD, users should contact Pixmeo https://www.osirix-viewer.com/about/contact/ \u00a0directly."
}
],
"source": {
"advisory": "ICSMA-25-128-01",
"discovery": "EXTERNAL"
},
"title": "Pixmeo OsiriX MD Use After Free",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-27578",
"datePublished": "2025-05-08T22:38:37.140Z",
"dateReserved": "2025-04-03T20:57:04.881Z",
"dateUpdated": "2025-05-09T13:34:14.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}