CVE-2025-1001

Feb. 21, 2025, 1:15 a.m.

5.7
Medium

Description

Medixant RadiAnt DICOM Viewer is vulnerable due to failure of the update mechanism to verify the update server's certificate which could allow an attacker to alter network traffic and carry out a machine-in-the-middle attack (MITM). An attacker could modify the server's response and deliver a malicious update to the user.

Product(s) Impacted

Product Versions
UNKNOWN

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.

References

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-051-01
https://www.radiantviewer.com/files/RadiAnt-2025.1-Setup.exe

Tags

ics-cert@hq.dhs.gov
CWE-295
2025-02-21
CVE-2025-1001

CVSS Score

5.7 / 10

CVSS Data

  • Attack Vector: ADJACENT_NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: HIGH
  • Availability Impact: NONE
    • View Vector String

    CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Date

  • Published: Feb. 21, 2025, 1:15 a.m.
  • Last Modified: Feb. 21, 2025, 1:15 a.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

ics-cert@hq.dhs.gov

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.