Certificate Verification Flaw in MicroDicom DICOM Viewer by MicroDicom
CVE-2025-1002
5.7 MEDIUM
What is CVE-2025-1002?
MicroDicom DICOM Viewer version 2024.03 has a flaw in its certificate verification mechanism. The flaw can allow an attacker in a privileged network position to intercept and manipulate network traffic. By exploiting the weak verification, the attacker may perform a machine-in-the-middle (MITM) attack, altering responses from the update server and potentially delivering malicious updates to unsuspecting users, which compromises the integrity and security of the software.
Affected Version(s)
DICOM Viewer 2024.03
CVSS V4
Score: 5.7
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Sharon Brizinov of Claroty Team82 reported this vulnerability to CISA.