
Successful exploitation of CVE-2025-1001 could allow an attacker to perform a machine-in-the-middle attack (MITM)

Summary

Successful exploitation of CVE-2025-1001 could allow an attacker to perform a machine-in-the-middle attack (MITM)


Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

Medixant has released a security update to address an improper certificate validation vulnerability in RadiAnt DICOM Viewer.

CVE-2025-1001 has a CVSSv4 score of 5.7 and could allow an attacker with privileged network access to impersonate RadiAnt’s update server. An attacker could modify the server's response to deliver a malicious update to the user, performing a machine-in-the-middle (MitM) attack.


Remediation advice

Affected organisations are encouraged to read Medixant's Security Advisory CVE-2025-1001 and apply the update as soon as practicable. Organisations without an active subscription are advised to follow the advisory's guidance to disable automatic update notifications for RadiAnt DICOM Viewer.


Definitive source of threat updates


CVE Vulnerabilities

CVE-2025-1001

Medixant RadiAnt DICOM Viewer is vulnerable due to the failure of its update mechanism to verify the update server's certificate, which could allow an attacker to alter network traffic and carry out a machine-in-the-middle (MITM) attack. An attacker could modify the server's response and deliver a malicious update to the user.
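The class of flaw described above, shown as an added example (not Medixant's code): an update client's TLS settings with certificate validation switched off, beside a validated configuration, plus a guard that refuses to run an update check over an unverified channel. The function names and any URL passed in are hypothetical.

```python
import ssl
import urllib.request
from urllib.parse import urlsplit


def unverified_context() -> ssl.SSLContext:
    """Weak setting: the server certificate is accepted without any check."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # any certificate, from anyone, is accepted
    return ctx


def verified_context() -> ssl.SSLContext:
    """Corrected setting: chain and hostname are both validated."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the validation gaps that would let a MitM pose as the server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("server hostname is not checked")
    return findings


def fetch_update_info(url: str, ctx: ssl.SSLContext, timeout: float = 10) -> bytes:
    """Fetch update metadata only over HTTPS with full certificate validation."""
    if urlsplit(url).scheme != "https":
        raise ValueError("update URL must use https")
    findings = audit_context(ctx)
    if findings:
        raise ValueError("refusing update check: " + "; ".join(findings))
    # With a verified context, a forged or mismatched certificate raises
    # ssl.SSLCertVerificationError here instead of returning attacker data.
    with urllib.request.urlopen(url, context=ctx, timeout=timeout) as resp:
        return resp.read()


if __name__ == "__main__":
    print("unverified:", audit_context(unverified_context()))
    print("verified:  ", audit_context(verified_context()))
```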

Last edited: 24 February 2025 3:20 pm