CVE-2025-1001 MEDIUM

CVE-2025-1001: Medixant RadiAnt DICOM Viewer Improper Certificate Validation

Vendor Medixant
Product RadiAnt DICOM Viewer
Weakness CWE-295
Published February 21, 2025
Last update February 21, 2025

CVSS base score

5.7/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Medixant RadiAnt DICOM Viewer is vulnerable due to failure of the update mechanism to verify the update server's certificate which could allow an attacker to alter network traffic and carry out a machine-in-the-middle attack (MITM). An attacker could modify the server's response and deliver a malicious update to the user.

Key dates

02Disclosure timeline

February 21, 2025 CVE published
February 21, 2025 Record updated