Vulnerability Identifier

CVE-2025-1002

2025-02-10

Severity Assessment

5.7

MEDIUM

CVSS v3.x Score

Clinical Analysis (Description)

MicroDicom DICOM Viewer version 2024.03

fails to adequately verify the update server's certificate, which could make it possible for attackers in a privileged network position to alter network traffic and carry out a machine-in-the-middle (MITM) attack. This allows the attackers to modify the server's response and deliver a malicious update to the user.

Vector Sequencing

Attack Parameters

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Impact Consequences

Technical Impact

Unchanged

Scope

None

Confidentiality

High

Integrity

None

Availability

AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Weakness Classification

CWE-CWE-295

View CWE Details ↗

Affected Population

Affected Configurations

Total: 1 detected entries

Software List Scrollable

dicom_viewer

Vendor: microdicom • v2024.3

Timeline

Time Line

PUBLICATION

10 Feb 2025

MODIFICATION

03 Mar 2025

Impact Statistics

Key Metrics

CVSS Score

5.7

MEDIUM

Products

Affected

Articles

Published

Remediation Protocol

Immediate Action Plan

1. Inventory

Identify all affected systems in your infrastructure.

2. Assessment

Assess exposure and criticality for your organization.

3. Mitigation

Apply patches or available workarounds.

4. Verification

Test and confirm effectiveness of applied measures.

Sources & Bibliography

NIST NVD MITRE CVE External Reference ↗

CVE Vulnerabilities

Posts & Pages

CVE-2025-1002

Attack Parameters

Technical Impact

CWE-CWE-295

Affected Configurations

Time Line

Key Metrics

Recommended Solution

Related News Articles

Multiple Vulnerabilities Identified in Red Hat Linux Kernel (December 26, 2025)

Immediate Action Plan

1. Inventory

2. Assessment

3. Mitigation

4. Verification