Update Mechanism Vulnerability in Medixant RadiAnt DICOM Viewer
CVE-2025-1001
5.7 MEDIUM
Key Information:
- Vendor: Medixant
- Status
- Radiant Dicom Viewer
- Vendor
- CVE Published: 21 February 2025
Summary
The update mechanism of the Medixant RadiAnt DICOM Viewer does not validate the certificate of the update server. An attacker in a machine-in-the-middle (MITM) position can therefore alter network traffic, intercepting update requests and delivering compromised updates to users. As a result, users may inadvertently install malicious software, compromising their systems and sensitive data.
Affected Version(s)
RadiAnt DICOM Viewer 2024.02
CVSS V4
Score: 5.7
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Sharon Brizinov of Claroty Team82 reported this vulnerability to CISA.