CVE-2025-1001
5.7
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Summary
Medixant RadiAnt DICOM Viewer is vulnerable due to failure of the update mechanism to verify the update server's certificate which could allow an attacker to alter network traffic and carry out a machine-in-the-middle attack (MITM). An attacker could modify the server's response and deliver a malicious update to the user.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Medixant | RadiAnt DICOM Viewer | 2024.02 | affected |
Weaknesses
- CWE-295: CWE-295 Improper Certificate Validation
Workarounds
If users are unable to update to the new version, Medixant recommends the following:
- Disable the display of available updates via this command reg add "HKCU\Software\RadiAnt Viewer" /t REG_DWORD /v CheckUpdate /d 0 /f.
- Do not check manually for updates ("Check for updates now" from the toolbar menu).
- Ignore any update notifications coming from RadiAnt DICOM Viewer, download the latest version directly in the web browser from https://www.radiantviewer.com https://www.radiantviewer.com/ .
- Check the downloaded RadiAnt DICOM Viewer installation package with antivirus software before running it.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-051-01
- https://www.radiantviewer.com/files/RadiAnt-2025.1-Setup.exe
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.