CVE-2025-1002: MicroDicom DICOM Viewer Improper Certificate Validation

Medium (5.7)

Description

MicroDicom DICOM Viewer version 2024.03 fails to adequately verify the update server's certificate, which could make it possible for attackers in a privileged network position to alter network traffic and carry out a machine-in-the-middle (MITM) attack. This allows the attackers to modify the server's response and deliver a malicious update to the user.

Classification

CVE ID: CVE-2025-1002

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.7

CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products

Vendor: MicroDicom

Product: DICOM Viewer

Timeline

2025-02-06 14:45:27 UTC
All CISA Advisories

MicroDicom DICOM Viewer
2025-02-11 00:32:58 UTC
CVE

MicroDicom DICOM Viewer Improper Certificate Validation