CVE-2025-3480: MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability

5.3 CVSS

Description

MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of MedDream WEB DICOM Viewer. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the Web Portal. The issue results from the lack of encryption when transmitting credentials. An attacker can leverage this vulnerability to disclose transmitted credentials, leading to further compromise. Was ZDI-CAN-25842.

Classification

CVE ID: CVE-2025-3480

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.3

CVSS Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem Types

CWE-522: Insufficiently Protected Credentials

Affected Products

Vendor: MedDream

Product: WEB DICOM Viewer

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 2.28% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-19 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3480
https://www.zerodayinitiative.com/advisories/ZDI-25-246/
