CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-1002: MicroDicom DICOM Viewer Improper Certificate Validation

5.7 CVSS

Description

MicroDicom DICOM Viewer version 2024.03

fails to adequately verify the update server's certificate, which could make it possible for attackers in a privileged network position to alter network traffic and carry out a machine-in-the-middle (MITM) attack. This allows the attackers to modify the server's response and deliver a malicious update to the user.

Classification

CVE ID: CVE-2025-1002

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.7

CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products

Vendor: MicroDicom

Product: DICOM Viewer

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 16.84% (scored less or equal to compared to others)

EPSS Date: 2025-03-11 (when was this score calculated)

References

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-037-01

Timeline

2025-02-06 14:45:27 UTC
All CISA Advisories

MicroDicom DICOM Viewer
2025-02-11 00:32:58 UTC
CVE

MicroDicom DICOM Viewer Improper Certificate Validation