Certificate Verification Flaw in MicroDicom DICOM Viewer by MicroDicom
CVE-2025-1002

5.7MEDIUM

Key Information:

Vendor: Microdicom
Status: Dicom Viewer
Vendor: CVE Published:; 10 February 2025

What is CVE-2025-1002?

MicroDicom DICOM Viewer version 2024.03 possesses a flaw in its certificate verification mechanism. This vulnerability can allow attackers who have access to a privileged network position to intercept and manipulate network traffic. By exploiting this weak verification, attackers may perform a machine-in-the-middle (MITM) attack, altering the responses from the update server and potentially deploying malicious updates to unsuspecting users, thereby compromising the integrity and security of the software.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

DICOM Viewer 2024.03

References

https://www.cisa.gov/news-events/ics-medical-advisories/i...

CVSS V4

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Feb 10, 2025
Vulnerability Reserved
Feb 3, 2025

Credit

Sharon Brizinov of Claroty Team82 reported this vulnerability to CISA.

JSON

Microdicom