CVE-2025-1002 MEDIUM

CVE-2025-1002: MicroDicom DICOM Viewer Improper Certificate Validation

Vendor Microdicom
Product DICOM Viewer
Weakness CWE-295
Published February 10, 2025
Last update February 10, 2025

CVSS base score

5.7/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

MicroDicom DICOM Viewer version 2024.03 fails to adequately verify the update server's certificate, which could make it possible for attackers in a privileged network position to alter network traffic and carry out a machine-in-the-middle (MITM) attack. This allows the attackers to modify the server's response and deliver a malicious update to the user.

Key dates

02Disclosure timeline

February 10, 2025 CVE published
February 10, 2025 Record updated