CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-1001: Medixant RadiAnt DICOM Viewer Improper Certificate Validation

5.7 CVSS

Description

Medixant RadiAnt DICOM Viewer is vulnerable due to failure of the update mechanism to verify the update server's certificate which could allow an attacker to alter network traffic and carry out a machine-in-the-middle attack (MITM). An attacker could modify the server's response and deliver a malicious update to the user.

Classification

CVE ID: CVE-2025-1001

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.7

CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Problem Types

CWE-295 Improper Certificate Validation

Affected Products

Vendor: Medixant

Product: RadiAnt DICOM Viewer

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (probability of being exploited)

EPSS Percentile: 0.67% (scored less or equal to compared to others)

EPSS Date: 2025-03-21 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-1001
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-051-01
https://www.radiantviewer.com/files/RadiAnt-2025.1-Setup.exe

Timeline

2025-02-20 16:15:41 UTC
All CISA Advisories

Medixant RadiAnt DICOM Viewer
2025-02-21 01:40:22 UTC
CVE

Medixant RadiAnt DICOM Viewer Improper Certificate Validation