Medixant Releases Security Update for RadiAnt DICOM Viewer
Summary
Successful exploitation of CVE-2025-1001 could allow an attacker to perform a machine-in-the-middle (MitM) attack.
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Medixant has released a security update to address an improper certificate validation vulnerability in RadiAnt DICOM Viewer.
CVE-2025-1001 has a CVSSv4 score of 5.7 and could allow an attacker with privileged network access to impersonate RadiAnt's update server. By performing a machine-in-the-middle (MitM) attack, the attacker could modify the server's response to deliver a malicious update to the user.
Remediation advice
Affected organisations are encouraged to read Medixant's Security Advisory CVE-2025-1001 and apply the update as soon as practicable. Organisations without an active subscription are advised to follow the advisory's guidance to disable automatic update notifications for RadiAnt DICOM Viewer.
Definitive source of threat updates
Last edited: 24 February 2025 3:20 pm