CVE Vulnerabilities

CVE-2025-1002

Improper Certificate Validation

Published: Feb 10, 2025 | Modified: Mar 03, 2025
CVSS 3.x
5.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

MicroDicom DICOM Viewer version 2024.03

fails to adequately verify the update servers certificate, which could make it possible for attackers in a privileged network position to alter network traffic and carry out a machine-in-the-middle (MITM) attack. This allows the attackers to modify the servers response and deliver a malicious update to the user.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

Name Vendor Start Version End Version
Dicom_viewer Microdicom 2024.3 (including) 2024.3 (including)

Potential Mitigations

References